Google redirect virus


  • This topic is locked
15 replies to this topic

#1 Lindarita

  • Members
  • 8 posts
  • Gender:Female
  • Location:Northern California

Posted 12 July 2012 - 04:24 PM

Hello and thanks in advance for helping. I know you are all volunteers, and I'm very grateful for your time.

A few days ago my system (Windows 7 64bit) got infected with what I guess is a Google redirect virus. I use both IE 9 and Chrome and it happens on both. When clicking a link in Google search results, IE gives me a new tab with a spam site. In Chrome, I'm taken directly to the spam site; no new tab. The spam is always somehow related to the topic that I'm searching. If I tab back to the initial Google results and click the link a second time, it always takes me to the proper landing site; no spam. This problem doesn't occur with every Google link. Some work just fine. Probably 50-75% of links that I've tried are affected.

I use AVG but it obviously didn't detect the virus. Since this happened, we (my husband mostly, who understands this far better than I do) did "Deep Care" with Advanced System Care, and ran TDSSKiller. Both programs found and removed various problems. Unfortunately, we didn't keep notes on what either program detected, but a Trojan virus of some sort was found and removed at one point. But all of this did nothing to fix the Google redirect problem. We did some looking and found this site, and are hoping you might be able to help. Again, thanks.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Linda at 13:57:11 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6111.4369 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.dellnet.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.sfgate.com/
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ArcSoft] rundll32.exe "C:\Users\Linda\AppData\Local\ATI\ArcSoft\svvag.dll",CreateInstance
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Linda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3BAB5AC4-0DD3-4A44-A593-140DCA105662} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3BAB5AC4-0DD3-4A44-A593-140DCA105662}\2375942554231313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3BAB5AC4-0DD3-4A44-A593-140DCA105662}\2375942554438363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3BAB5AC4-0DD3-4A44-A593-140DCA105662}\2456C6B696E6F5E4B2F5243324439334 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3BAB5AC4-0DD3-4A44-A593-140DCA105662}\C494E44414D2651494F4F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5DBFBD58-DD01-4EFB-BBA9-EB13D11E42A6} : NameServer = 206.13.28.12
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-7-10 913792]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-3-9 1248256]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-9-4 189984]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-8 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-8 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-8 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-26 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-8 133104]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-8 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-8 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-8 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-8 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-8 91432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-8 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-8 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-8 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-12 16:25:40 -------- d-----w- C:\Users\Linda\AppData\Local\{F0E8EA4D-68C5-4D3A-BABF-C6ED99249CA9}
2012-07-12 16:25:26 -------- d-----w- C:\Users\Linda\AppData\Local\{897F027A-4ADF-49D8-AC7F-FC86910513EA}
2012-07-12 04:23:50 -------- d-----w- C:\Users\Linda\AppData\Local\{987E40D3-DCC4-45D5-A095-D426492A55C9}
2012-07-11 16:02:20 -------- d-----w- C:\Users\Linda\AppData\Local\{AC94D161-39E6-4BAF-A2AB-B9DA5F0C4DA1}
2012-07-11 16:02:07 -------- d-----w- C:\Users\Linda\AppData\Local\{804468E8-428F-488E-8214-571661E0B216}
2012-07-11 04:19:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-11 03:53:19 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-11 03:07:07 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-11 03:07:07 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-11 03:04:51 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-11 02:26:49 -------- d-----w- C:\ProgramData\IObit
2012-07-11 02:26:37 -------- d-----w- C:\Users\Linda\AppData\Roaming\IObit
2012-07-11 02:26:32 -------- d-----w- C:\Program Files (x86)\IObit
2012-07-11 02:10:49 -------- d-----w- C:\Users\Linda\AppData\Roaming\ParetoLogic
2012-07-11 02:10:49 -------- d-----w- C:\Users\Linda\AppData\Roaming\DriverCure
2012-07-11 02:10:34 -------- d-----w- C:\ProgramData\ParetoLogic
2012-07-10 19:11:57 -------- d-----w- C:\Users\Linda\AppData\Local\{BA8596B2-C404-4C33-B93D-8745786002E4}
2012-07-10 19:11:45 -------- d-----w- C:\Users\Linda\AppData\Local\{F8321E92-DBD6-4F73-96CF-5CF6D3FBB8C7}
2012-07-10 08:28:06 -------- d-----w- C:\Users\Linda\AppData\Local\{28339FC0-A349-44CD-A257-5A13131C7B39}
2012-07-09 17:26:48 -------- d-----w- C:\Users\Linda\AppData\Local\{E79EF840-670F-4AC7-80A4-5182E7A1C5D4}
2012-07-09 17:26:37 -------- d-----w- C:\Users\Linda\AppData\Local\{66980D9F-4449-4A48-AFB3-2E9E34D52A73}
2012-07-09 05:26:23 -------- d-----w- C:\Users\Linda\AppData\Local\{A2341385-E22C-4727-B5DF-1ACF03996C2D}
2012-07-09 05:26:11 -------- d-----w- C:\Users\Linda\AppData\Local\{CD0FBEFB-9AD7-4F16-A050-2806B15B6073}
2012-07-08 17:25:58 -------- d-----w- C:\Users\Linda\AppData\Local\{D722DBA4-7748-4F7D-99BC-086EB9D686F4}
2012-07-08 17:25:47 -------- d-----w- C:\Users\Linda\AppData\Local\{5AE34939-EF9E-4576-8391-FF342C7BF73C}
2012-07-07 23:32:04 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-07-07 23:31:36 -------- d-----w- C:\ProgramData\Research In Motion
2012-07-07 23:31:07 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
2012-07-07 15:54:12 -------- d-----w- C:\Users\Linda\AppData\Local\{C49112D1-0175-4F94-A75B-3F50DAD1FD20}
2012-07-07 15:53:56 -------- d-----w- C:\Users\Linda\AppData\Local\{71CF0966-5A54-476F-8C5D-A277EB2A6663}
2012-07-06 16:45:16 -------- d-----w- C:\Users\Linda\AppData\Local\{B2CDA87C-5858-4894-8159-5FDDAA739F08}
2012-07-06 16:44:59 -------- d-----w- C:\Users\Linda\AppData\Local\{9C9C2883-A0D6-4155-9364-D6286D5659A2}
2012-07-05 16:03:16 -------- d-----w- C:\Users\Linda\AppData\Local\{94DB91B3-7968-4F2D-97CA-5F1D87C2CE14}
2012-07-05 16:02:51 -------- d-----w- C:\Users\Linda\AppData\Local\{2454AA49-F2C2-4EE1-BF6D-0E499DA5370B}
2012-07-04 16:20:10 -------- d-----w- C:\Users\Linda\AppData\Local\{580CF9B3-9FCA-40C0-8D2E-DE74B703E9AF}
2012-07-04 16:19:46 -------- d-----w- C:\Users\Linda\AppData\Local\{B42387B4-414D-40E2-B5B6-5ACB29FAFCE3}
2012-07-03 16:21:34 -------- d-----w- C:\Users\Linda\AppData\Local\{6E8A8E7F-D2FA-4CC5-ACB9-D8CC8CAF66FD}
2012-07-03 16:21:08 -------- d-----w- C:\Users\Linda\AppData\Local\{6BE580AB-6831-4452-9A0D-F605FE548BD3}
2012-07-02 16:28:54 -------- d-----w- C:\Users\Linda\AppData\Local\{43286D43-BCD3-422D-93EC-5A136061832D}
2012-07-02 16:28:35 -------- d-----w- C:\Users\Linda\AppData\Local\{5B0FCF5B-BE00-49BD-B138-D881EBF7C208}
2012-07-01 18:31:30 -------- d-----w- C:\Users\Linda\AppData\Local\{E661F71F-E373-4FA2-B92F-76582A7EFB54}
2012-07-01 18:31:18 -------- d-----w- C:\Users\Linda\AppData\Local\{C3B266CA-0A9E-4C69-A37C-11DED276DB97}
2012-07-01 04:02:17 -------- d-----w- C:\Users\Linda\AppData\Local\{01E05594-0322-473B-9393-7F0B2DE17AE2}
2012-07-01 04:02:06 -------- d-----w- C:\Users\Linda\AppData\Local\{635E153F-ABAA-4532-94B2-6BFFAC0B6E83}
2012-06-30 16:00:46 -------- d-----w- C:\Users\Linda\AppData\Local\{B54B1613-406C-45B8-BFD9-B02916CF4E29}
2012-06-30 16:00:29 -------- d-----w- C:\Users\Linda\AppData\Local\{7B407944-F5DD-4ACE-BE59-5AE540FFFED4}
2012-06-29 16:57:45 -------- d-----w- C:\Users\Linda\AppData\Local\{23A78C86-2FFA-42F9-B575-BB5B963C1B90}
2012-06-29 16:57:32 -------- d-----w- C:\Users\Linda\AppData\Local\{C4BCF37F-5492-4621-8996-E3585826B874}
2012-06-28 16:35:25 -------- d-----w- C:\Users\Linda\AppData\Local\{AFF5A682-B89A-4B78-9EBD-0B064D8F4918}
2012-06-28 16:35:00 -------- d-----w- C:\Users\Linda\AppData\Local\{80E4F2AB-1863-47F5-8E95-540012B7D17B}
2012-06-27 17:47:55 -------- d-----w- C:\Users\Linda\AppData\Local\{7B77CC8B-E6AD-46AE-8BEA-655366AF1A3E}
2012-06-27 17:47:18 -------- d-----w- C:\Users\Linda\AppData\Local\{5974215D-E435-46BA-82D9-93732028D378}
2012-06-26 16:42:14 -------- d-----w- C:\Users\Linda\AppData\Local\{86DA3F19-7F9F-481C-B57B-9B8E315B3639}
2012-06-26 16:42:00 -------- d-----w- C:\Users\Linda\AppData\Local\{FFB2D334-C30D-4F3C-BCC5-20286997E59A}
2012-06-25 16:00:45 -------- d-----w- C:\Users\Linda\AppData\Local\{B7D2F69B-CFC4-441C-8B74-411DFBA920AF}
2012-06-25 16:00:19 -------- d-----w- C:\Users\Linda\AppData\Local\{F7E6FAEB-B639-45E3-B5F6-2A5F46E3A16E}
2012-06-24 17:56:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-24 17:55:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-24 17:54:54 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-24 17:54:54 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-24 17:54:39 -------- d-----w- C:\Users\Linda\AppData\Local\{325684BB-CCA9-4B3A-8F2F-E9C90CE8DFB0}
2012-06-24 17:54:16 -------- d-----w- C:\Users\Linda\AppData\Local\{3C5860C8-9EE6-49A7-B8F1-187C991E1360}
2012-06-23 16:10:22 -------- d-----w- C:\Users\Linda\AppData\Local\{19271D3F-6171-4B5D-836B-926557E4F851}
2012-06-23 16:10:00 -------- d-----w- C:\Users\Linda\AppData\Local\{BA788E70-B0A9-4EE9-9E12-47CE4173CE18}
2012-06-13 21:54:53 -------- d-----w- C:\Users\Linda\AppData\Local\{4533D76D-D0EA-4893-AFE0-BD5135B6D776}
2012-06-13 21:54:41 -------- d-----w- C:\Users\Linda\AppData\Local\{1118A1AA-C57A-4ED4-8DA3-9D2FBFD251E2}
2012-06-13 20:08:21 -------- d-----w- C:\Program Files\iPod
2012-06-13 20:08:20 -------- d-----w- C:\Program Files\iTunes
2012-06-13 20:07:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 20:07:43 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 20:07:43 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 20:07:35 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 20:07:30 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 20:07:28 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 20:07:28 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 20:07:25 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 20:07:22 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 20:07:21 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 20:06:56 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 20:06:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 20:06:55 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 20:06:55 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 20:06:54 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 20:06:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 18:01:35 -------- d-----w- C:\Users\Linda\AppData\Local\{72486B3B-0EA9-4A0F-A76B-B4217A4A0792}
2012-06-13 05:10:04 -------- d-----w- C:\Users\Linda\AppData\Local\{F91A0AD5-3ECC-4EC0-B0B5-1826AF9096F5}
2012-06-13 05:09:43 -------- d-----w- C:\Users\Linda\AppData\Local\{C8D80CE5-0E4C-4443-8E08-F3387D30D9DF}
.
==================== Find3M ====================
.
2012-07-12 17:50:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 17:50:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 18:53:16 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 18:53:12 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-07-11 18:53:11 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-11 03:09:50 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 03:09:20 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 03:09:20 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 03:08:38 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-11 03:08:38 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-07-11 03:08:37 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-07-11 03:08:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-07-11 03:08:37 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-07-11 03:08:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-07-11 03:08:37 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-07-11 03:08:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-07-11 03:08:36 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-07-11 03:08:36 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-23 00:51:58 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-20 17:49:25 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-20 17:49:25 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-05 02:29:22 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-05 02:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 13:57:56.06 ===============
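A helper reads a DDS listing like the one above by eye for two things: patterns that repeat on a schedule (here, GUID-named folders under AppData\Local appearing in pairs day after day) and executable files created in locations a user account can write to. The Python below is an added example, not part of this thread and not DDS's or FRST's own code; it parses DDS-style entry lines and pulls out exactly those two things. The sample lines are copied from the log above except the Downloads entry, which is constructed.

```python
"""Triage helper for DDS-style log lines (added example, not part of the thread).

A DDS 'Find3M' / created-files entry has the shape
    2012-06-24 17:56:22 2622464 ----a-w- C:\\Windows\\System32\\wucltux.dll
    2012-07-03 16:21:08 -------- d-----w- C:\\Users\\Linda\\AppData\\Local\\{GUID}
i.e. timestamp, size (eight dashes for a directory), eight attribute flags
(leading 'd' marks a directory), then the path.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+)$"
)
# A GUID-named folder directly under <profile>\AppData\Local
GUID_DIR = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com")
# Trees a non-admin user can write to (lower-cased path fragments)
USER_WRITABLE = ("\\users\\", "\\programdata\\")


@dataclass
class Entry:
    when: datetime
    size: Optional[int]      # None for directories
    attrs: str               # e.g. '----a-w-' or 'd-----w-'
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_dds(text: str) -> List[Entry]:
    """Return one Entry per well-formed DDS line; headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path.strip(),
        ))
    return entries


def guid_dirs_by_day(entries: List[Entry]) -> Dict[str, int]:
    """Count GUID-named AppData\\Local folders per creation date.

    Counting per day makes the regularity in the thread's log visible (pairs
    on consecutive days), which is what prompts the helper to ask which
    program writes them; the count itself is not a verdict."""
    counts: Dict[str, int] = defaultdict(int)
    for e in entries:
        if e.is_dir and GUID_DIR.search(e.path):
            counts[e.when.strftime("%Y-%m-%d")] += 1
    return dict(counts)


def user_writable_executables(entries: List[Entry]) -> List[str]:
    """Executable files created under user-writable trees.

    Files here can be dropped without admin rights, so each hit gets a human
    look; legitimate downloads (like a removal tool) will show up too."""
    return [e.path for e in entries
            if not e.is_dir and e.is_executable
            and any(tag in e.path.lower() for tag in USER_WRITABLE)]


# Sample input: lines copied from the DDS log in this thread, plus one
# constructed Downloads entry (tdsskiller.exe is in the thread's FRST log).
SAMPLE_LOG = r"""
2012-07-03 16:21:08 -------- d-----w- C:\Users\Linda\AppData\Local\{6BE580AB-6831-4452-9A0D-F605FE548BD3}
2012-07-02 16:28:54 -------- d-----w- C:\Users\Linda\AppData\Local\{43286D43-BCD3-422D-93EC-5A136061832D}
2012-07-02 16:28:35 -------- d-----w- C:\Users\Linda\AppData\Local\{5B0FCF5B-BE00-49BD-B138-D881EBF7C208}
2012-06-24 17:56:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-13 20:08:21 -------- d-----w- C:\Program Files\iPod
2012-07-10 21:15:00 2135640 ----a-w- C:\Users\Linda\Downloads\tdsskiller.exe
============= FINISH: 13:57:56.06 ===============
"""

if __name__ == "__main__":
    parsed = parse_dds(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    print("GUID folders per day:", guid_dirs_by_day(parsed))
    print("executables in user-writable paths:", user_writable_executables(parsed))
```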






#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:02 AM

Posted 12 July 2012 - 05:37 PM

Hello Lindarita,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



Do you have a USB Flash drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Lindarita

Lindarita
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Northern California
  • Local time:12:02 AM

Posted 12 July 2012 - 05:56 PM

Hi Fireman4it! Thanks for your offer to help. Yes, I do have a USB flash drive. I actually have several: one that's reserved for backups only; the rest to copy files.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:02 AM

Posted 12 July 2012 - 05:59 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#5 Lindarita

Lindarita
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Northern California
  • Local time:12:02 AM

Posted 12 July 2012 - 08:01 PM

We downloaded Farbar to a flash drive and ran it, but under "Advanced Boot Options" there is no "System Recovery Options" (maybe there's been an update to the software?). Within Advanced Boot Options we chose "Safe Mode with Command Prompt" and followed the final part of your instructions. Below is the file that was created:

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by Linda at 12-07-2012 17:42:35
Running from D:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-12 17:30 - 2012-07-12 17:42 - 00000000 ____D C:\FRST
2012-07-12 14:00 - 2012-07-12 14:00 - 00003641 ____A C:\Users\Linda\Desktop\Attach.zip
2012-07-12 13:59 - 2012-07-12 13:59 - 00010898 ____A C:\Users\Linda\Desktop\Attach.txt
2012-07-12 13:58 - 2012-07-12 13:58 - 00034570 ____A C:\Users\Linda\Desktop\DDS.txt
2012-07-12 13:56 - 2012-07-12 13:56 - 00001101 ____A C:\Users\Linda\Desktop\dds - Shortcut.lnk
2012-07-12 13:52 - 2012-07-12 13:52 - 00607260 ____R (Swearware) C:\Users\Linda\Downloads\dds.scr
2012-07-12 09:25 - 2012-07-12 09:25 - 00000000 ____D C:\Users\Linda\AppData\Local\{F0E8EA4D-68C5-4D3A-BABF-C6ED99249CA9}
2012-07-12 09:25 - 2012-07-12 09:25 - 00000000 ____D C:\Users\Linda\AppData\Local\{897F027A-4ADF-49D8-AC7F-FC86910513EA}
2012-07-11 21:23 - 2012-07-11 21:23 - 00000000 ____D C:\Users\Linda\AppData\Local\{987E40D3-DCC4-45D5-A095-D426492A55C9}
2012-07-11 09:02 - 2012-07-11 09:02 - 00000000 ____D C:\Users\Linda\AppData\Local\{AC94D161-39E6-4BAF-A2AB-B9DA5F0C4DA1}
2012-07-11 09:02 - 2012-07-11 09:02 - 00000000 ____D C:\Users\Linda\AppData\Local\{804468E8-428F-488E-8214-571661E0B216}
2012-07-10 21:19 - 2012-07-10 21:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-10 21:15 - 2012-07-10 21:15 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Linda\Downloads\tdsskiller.exe
2012-07-10 20:53 - 2012-07-10 20:53 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-10 20:52 - 2012-05-04 19:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-10 20:51 - 2012-07-10 20:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-10 20:51 - 2012-07-10 20:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-10 20:43 - 2012-07-12 17:36 - 00000224 ____A C:\Windows\setupact.log
2012-07-10 20:43 - 2012-07-10 20:43 - 00000000 ____A C:\Windows\setuperr.log
2012-07-10 20:42 - 2012-07-12 17:36 - 00001488 ____A C:\Windows\PFRO.log
2012-07-10 20:11 - 2012-07-10 20:11 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 20:11 - 2012-07-10 20:11 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 20:11 - 2012-07-10 20:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 20:11 - 2012-07-10 20:11 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 20:10 - 2012-07-10 20:10 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 20:10 - 2012-07-10 20:10 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 20:09 - 2012-07-10 20:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 20:08 - 2012-07-10 20:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 20:08 - 2012-07-10 20:08 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 20:08 - 2012-07-10 20:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 20:08 - 2012-07-10 20:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 20:08 - 2012-07-10 20:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 20:08 - 2012-07-10 20:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 20:07 - 2012-07-10 20:07 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-10 20:07 - 2012-07-10 20:07 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-10 20:04 - 2012-05-24 10:47 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-10 19:26 - 2012-07-10 19:26 - 00001272 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-07-10 19:26 - 2012-07-10 19:26 - 00001221 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-07-10 19:26 - 2012-07-10 19:26 - 00000000 ____D C:\Users\Linda\AppData\Roaming\IObit
2012-07-10 19:26 - 2012-07-10 19:26 - 00000000 ____D C:\Users\All Users\IObit
2012-07-10 19:26 - 2012-07-10 19:26 - 00000000 ____D C:\Program Files (x86)\IObit
2012-07-10 19:25 - 2012-07-10 19:25 - 27070144 ____A (IObit ) C:\Users\Linda\Downloads\asc-setup.exe
2012-07-10 19:10 - 2012-07-10 20:34 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-07-10 19:10 - 2012-07-10 19:10 - 00000000 ____D C:\Users\Linda\AppData\Roaming\ParetoLogic
2012-07-10 19:10 - 2012-07-10 19:10 - 00000000 ____D C:\Users\Linda\AppData\Roaming\DriverCure
2012-07-10 18:28 - 2012-07-10 18:28 - 00000679 ____A C:\Users\Linda\Documents\Linda - Shortcut.lnk
2012-07-10 13:26 - 2012-07-03 03:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-10 12:11 - 2012-07-10 12:12 - 00000000 ____D C:\Users\Linda\AppData\Local\{BA8596B2-C404-4C33-B93D-8745786002E4}
2012-07-10 12:11 - 2012-07-10 12:11 - 00000000 ____D C:\Users\Linda\AppData\Local\{F8321E92-DBD6-4F73-96CF-5CF6D3FBB8C7}
2012-07-10 01:28 - 2012-07-10 01:28 - 00000000 ____D C:\Users\Linda\AppData\Local\{28339FC0-A349-44CD-A257-5A13131C7B39}
2012-07-09 10:26 - 2012-07-09 10:26 - 00000000 ____D C:\Users\Linda\AppData\Local\{E79EF840-670F-4AC7-80A4-5182E7A1C5D4}
2012-07-09 10:26 - 2012-07-09 10:26 - 00000000 ____D C:\Users\Linda\AppData\Local\{66980D9F-4449-4A48-AFB3-2E9E34D52A73}
2012-07-08 22:26 - 2012-07-08 22:26 - 00000000 ____D C:\Users\Linda\AppData\Local\{CD0FBEFB-9AD7-4F16-A050-2806B15B6073}
2012-07-08 22:26 - 2012-07-08 22:26 - 00000000 ____D C:\Users\Linda\AppData\Local\{A2341385-E22C-4727-B5DF-1ACF03996C2D}
2012-07-08 10:25 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Linda\AppData\Local\{D722DBA4-7748-4F7D-99BC-086EB9D686F4}
2012-07-08 10:25 - 2012-07-08 10:25 - 00000000 ____D C:\Users\Linda\AppData\Local\{5AE34939-EF9E-4576-8391-FF342C7BF73C}
2012-07-07 16:35 - 2012-07-07 16:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-07-07 16:34 - 2012-07-07 16:53 - 00000231 ____A C:\Users\Linda\AppData\Roaming\Rim.Transcoder.Exception.log
2012-07-07 16:32 - 2012-07-07 16:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-07-07 16:32 - 2011-07-20 14:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2012-07-07 16:31 - 2012-07-07 16:31 - 00000000 ____D C:\Users\All Users\Research In Motion
2012-07-07 14:50 - 2012-07-07 14:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-07-07 08:54 - 2012-07-07 08:54 - 00000000 ____D C:\Users\Linda\AppData\Local\{C49112D1-0175-4F94-A75B-3F50DAD1FD20}
2012-07-07 08:53 - 2012-07-07 08:54 - 00000000 ____D C:\Users\Linda\AppData\Local\{71CF0966-5A54-476F-8C5D-A277EB2A6663}
2012-07-06 09:45 - 2012-07-06 09:45 - 00000000 ____D C:\Users\Linda\AppData\Local\{B2CDA87C-5858-4894-8159-5FDDAA739F08}
2012-07-06 09:44 - 2012-07-06 09:45 - 00000000 ____D C:\Users\Linda\AppData\Local\{9C9C2883-A0D6-4155-9364-D6286D5659A2}
2012-07-05 09:03 - 2012-07-05 09:03 - 00000000 ____D C:\Users\Linda\AppData\Local\{94DB91B3-7968-4F2D-97CA-5F1D87C2CE14}
2012-07-05 09:02 - 2012-07-05 09:03 - 00000000 ____D C:\Users\Linda\AppData\Local\{2454AA49-F2C2-4EE1-BF6D-0E499DA5370B}
2012-07-04 09:20 - 2012-07-04 09:20 - 00000000 ____D C:\Users\Linda\AppData\Local\{580CF9B3-9FCA-40C0-8D2E-DE74B703E9AF}
2012-07-04 09:19 - 2012-07-04 09:20 - 00000000 ____D C:\Users\Linda\AppData\Local\{B42387B4-414D-40E2-B5B6-5ACB29FAFCE3}
2012-07-03 09:21 - 2012-07-03 09:21 - 00000000 ____D C:\Users\Linda\AppData\Local\{6E8A8E7F-D2FA-4CC5-ACB9-D8CC8CAF66FD}
2012-07-03 09:21 - 2012-07-03 09:21 - 00000000 ____D C:\Users\Linda\AppData\Local\{6BE580AB-6831-4452-9A0D-F605FE548BD3}
2012-07-02 09:28 - 2012-07-02 09:29 - 00000000 ____D C:\Users\Linda\AppData\Local\{43286D43-BCD3-422D-93EC-5A136061832D}
2012-07-02 09:28 - 2012-07-02 09:28 - 00000000 ____D C:\Users\Linda\AppData\Local\{5B0FCF5B-BE00-49BD-B138-D881EBF7C208}
2012-07-01 11:31 - 2012-07-01 11:31 - 00000000 ____D C:\Users\Linda\AppData\Local\{E661F71F-E373-4FA2-B92F-76582A7EFB54}
2012-07-01 11:31 - 2012-07-01 11:31 - 00000000 ____D C:\Users\Linda\AppData\Local\{C3B266CA-0A9E-4C69-A37C-11DED276DB97}
2012-06-30 21:02 - 2012-06-30 21:02 - 00000000 ____D C:\Users\Linda\AppData\Local\{635E153F-ABAA-4532-94B2-6BFFAC0B6E83}
2012-06-30 21:02 - 2012-06-30 21:02 - 00000000 ____D C:\Users\Linda\AppData\Local\{01E05594-0322-473B-9393-7F0B2DE17AE2}
2012-06-30 09:00 - 2012-06-30 09:00 - 00000000 ____D C:\Users\Linda\AppData\Local\{B54B1613-406C-45B8-BFD9-B02916CF4E29}
2012-06-30 09:00 - 2012-06-30 09:00 - 00000000 ____D C:\Users\Linda\AppData\Local\{7B407944-F5DD-4ACE-BE59-5AE540FFFED4}
2012-06-29 09:57 - 2012-06-29 09:57 - 00000000 ____D C:\Users\Linda\AppData\Local\{C4BCF37F-5492-4621-8996-E3585826B874}
2012-06-29 09:57 - 2012-06-29 09:57 - 00000000 ____D C:\Users\Linda\AppData\Local\{23A78C86-2FFA-42F9-B575-BB5B963C1B90}
2012-06-28 09:35 - 2012-06-28 09:35 - 00000000 ____D C:\Users\Linda\AppData\Local\{AFF5A682-B89A-4B78-9EBD-0B064D8F4918}
2012-06-28 09:35 - 2012-06-28 09:35 - 00000000 ____D C:\Users\Linda\AppData\Local\{80E4F2AB-1863-47F5-8E95-540012B7D17B}
2012-06-27 10:47 - 2012-06-27 10:48 - 00000000 ____D C:\Users\Linda\AppData\Local\{7B77CC8B-E6AD-46AE-8BEA-655366AF1A3E}
2012-06-27 10:47 - 2012-06-27 10:47 - 00000000 ____D C:\Users\Linda\AppData\Local\{5974215D-E435-46BA-82D9-93732028D378}
2012-06-26 09:42 - 2012-06-26 09:42 - 00000000 ____D C:\Users\Linda\AppData\Local\{FFB2D334-C30D-4F3C-BCC5-20286997E59A}
2012-06-26 09:42 - 2012-06-26 09:42 - 00000000 ____D C:\Users\Linda\AppData\Local\{86DA3F19-7F9F-481C-B57B-9B8E315B3639}
2012-06-25 09:00 - 2012-06-25 09:00 - 00000000 ____D C:\Users\Linda\AppData\Local\{F7E6FAEB-B639-45E3-B5F6-2A5F46E3A16E}
2012-06-25 09:00 - 2012-06-25 09:00 - 00000000 ____D C:\Users\Linda\AppData\Local\{B7D2F69B-CFC4-441C-8B74-411DFBA920AF}
2012-06-24 10:56 - 2012-06-02 15:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-24 10:56 - 2012-06-02 15:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-24 10:56 - 2012-06-02 15:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-24 10:56 - 2012-06-02 15:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-24 10:55 - 2012-06-02 15:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-24 10:55 - 2012-06-02 15:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-24 10:55 - 2012-06-02 15:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-24 10:54 - 2012-06-24 10:54 - 00000000 ____D C:\Users\Linda\AppData\Local\{3C5860C8-9EE6-49A7-B8F1-187C991E1360}
2012-06-24 10:54 - 2012-06-24 10:54 - 00000000 ____D C:\Users\Linda\AppData\Local\{325684BB-CCA9-4B3A-8F2F-E9C90CE8DFB0}
2012-06-24 10:54 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-24 10:54 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-23 09:10 - 2012-06-23 09:10 - 00000000 ____D C:\Users\Linda\AppData\Local\{BA788E70-B0A9-4EE9-9E12-47CE4173CE18}
2012-06-23 09:10 - 2012-06-23 09:10 - 00000000 ____D C:\Users\Linda\AppData\Local\{19271D3F-6171-4B5D-836B-926557E4F851}
2012-06-13 14:54 - 2012-06-13 14:55 - 00000000 ____D C:\Users\Linda\AppData\Local\{4533D76D-D0EA-4893-AFE0-BD5135B6D776}
2012-06-13 14:54 - 2012-06-13 14:54 - 00000000 ____D C:\Users\Linda\AppData\Local\{1118A1AA-C57A-4ED4-8DA3-9D2FBFD251E2}
2012-06-13 13:08 - 2012-06-13 13:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 13:08 - 2012-06-13 13:08 - 00000000 ____D C:\Program Files\iTunes
2012-06-13 13:08 - 2012-06-13 13:08 - 00000000 ____D C:\Program Files\iPod
2012-06-13 13:07 - 2012-05-04 04:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 13:07 - 2012-05-04 03:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 13:07 - 2012-05-04 03:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 13:07 - 2012-04-30 22:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 13:07 - 2012-04-27 20:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 13:07 - 2012-04-25 22:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 13:07 - 2012-04-25 22:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 13:07 - 2012-04-25 22:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 13:07 - 2012-04-07 05:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 13:07 - 2012-04-07 04:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 13:06 - 2012-04-23 22:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 13:06 - 2012-04-23 22:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 13:06 - 2012-04-23 22:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 13:06 - 2012-04-23 21:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 13:06 - 2012-04-23 21:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 13:06 - 2012-04-23 21:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 11:01 - 2012-06-13 11:01 - 00000000 ____D C:\Users\Linda\AppData\Local\{72486B3B-0EA9-4A0F-A76B-B4217A4A0792}
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Linda\AppData\Local\{F91A0AD5-3ECC-4EC0-B0B5-1826AF9096F5}
2012-06-12 22:09 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Linda\AppData\Local\{C8D80CE5-0E4C-4443-8E08-F3387D30D9DF}
2012-06-12 09:24 - 2012-06-12 09:24 - 00000000 ____D C:\Users\Linda\AppData\Local\{8D9F4AE7-AEE9-4865-A3DE-CC0CB2D3DA86}
2012-06-12 09:24 - 2012-06-12 09:24 - 00000000 ____D C:\Users\Linda\AppData\Local\{5DCCB7A1-7762-4D8F-8893-33BB249A40DF}
2012-06-12 02:04 - 2012-06-12 02:04 - 00000000 ____D C:\Users\Linda\AppData\Local\{58821338-6DA4-4176-8234-ADCBFA8AA0A9}


============ 3 Months Modified Files ========================

2012-07-12 17:38 - 2009-12-01 19:07 - 01890884 ____A C:\Windows\WindowsUpdate.log
2012-07-12 17:37 - 2009-09-08 06:01 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-12 17:36 - 2012-07-10 20:43 - 00000224 ____A C:\Windows\setupact.log
2012-07-12 17:36 - 2012-07-10 20:42 - 00001488 ____A C:\Windows\PFRO.log
2012-07-12 17:36 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-12 17:30 - 2009-07-13 22:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 17:23 - 2009-09-08 06:01 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 16:50 - 2012-04-26 08:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-12 14:00 - 2012-07-12 14:00 - 00003641 ____A C:\Users\Linda\Desktop\Attach.zip
2012-07-12 13:59 - 2012-07-12 13:59 - 00010898 ____A C:\Users\Linda\Desktop\Attach.txt
2012-07-12 13:58 - 2012-07-12 13:58 - 00034570 ____A C:\Users\Linda\Desktop\DDS.txt
2012-07-12 13:56 - 2012-07-12 13:56 - 00001101 ____A C:\Users\Linda\Desktop\dds - Shortcut.lnk
2012-07-12 13:52 - 2012-07-12 13:52 - 00607260 ____R (Swearware) C:\Users\Linda\Downloads\dds.scr
2012-07-12 10:50 - 2012-04-26 08:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 10:50 - 2011-06-07 11:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 09:27 - 2009-09-08 06:01 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-11 11:53 - 2011-10-26 18:36 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 11:53 - 2011-10-26 18:36 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-11 11:53 - 2011-10-26 18:36 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-10 21:40 - 2009-07-13 21:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-10 21:40 - 2009-07-13 21:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-10 21:15 - 2012-07-10 21:15 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Linda\Downloads\tdsskiller.exe
2012-07-10 20:51 - 2012-07-10 20:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-10 20:51 - 2012-07-10 20:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-10 20:43 - 2012-07-10 20:43 - 00000000 ____A C:\Windows\setuperr.log
2012-07-10 20:31 - 2009-07-13 22:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-10 20:23 - 2009-07-13 21:45 - 00384472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 20:11 - 2012-07-10 20:11 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 20:11 - 2012-07-10 20:11 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 20:11 - 2012-07-10 20:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 20:11 - 2012-07-10 20:11 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 20:11 - 2012-07-10 20:11 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 20:10 - 2012-07-10 20:10 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 20:10 - 2012-07-10 20:10 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 20:09 - 2012-07-10 20:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 20:09 - 2012-07-10 20:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 20:08 - 2012-07-10 20:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 20:08 - 2012-07-10 20:08 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 20:08 - 2012-07-10 20:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 20:08 - 2012-07-10 20:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 20:08 - 2012-07-10 20:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 20:08 - 2012-07-10 20:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 20:08 - 2012-07-10 20:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 20:07 - 2012-07-10 20:07 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-10 20:07 - 2012-07-10 20:07 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-10 19:26 - 2012-07-10 19:26 - 00001272 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-07-10 19:26 - 2012-07-10 19:26 - 00001221 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-07-10 19:25 - 2012-07-10 19:25 - 27070144 ____A (IObit ) C:\Users\Linda\Downloads\asc-setup.exe
2012-07-10 18:28 - 2012-07-10 18:28 - 00000679 ____A C:\Users\Linda\Documents\Linda - Shortcut.lnk
2012-07-07 16:53 - 2012-07-07 16:34 - 00000231 ____A C:\Users\Linda\AppData\Roaming\Rim.Transcoder.Exception.log
2012-07-07 16:53 - 2012-04-28 09:42 - 00000462 ____A C:\Users\Linda\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-07-07 16:53 - 2010-09-20 09:37 - 00002849 ____A C:\Users\Linda\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-07 16:35 - 2012-07-07 16:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-07-07 16:32 - 2012-07-07 16:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-07-07 16:32 - 2010-08-12 16:01 - 00004975 ____A C:\Users\Linda\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-07 16:31 - 2010-08-12 16:01 - 00002231 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-07-07 14:50 - 2012-07-07 14:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-07-07 14:50 - 2012-01-11 18:41 - 00009216 ____A C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-06 09:52 - 2011-10-11 10:41 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-03 03:19 - 2010-01-07 10:07 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 03:13 - 2012-07-10 13:26 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-13 13:08 - 2012-06-13 13:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-02 15:19 - 2012-06-24 10:56 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 15:19 - 2012-06-24 10:56 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 15:19 - 2012-06-24 10:56 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 15:19 - 2012-06-24 10:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 15:19 - 2012-06-24 10:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 15:19 - 2012-06-24 10:54 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-24 10:56 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:15 - 2012-06-24 10:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:15 - 2012-06-24 10:54 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-24 10:47 - 2012-07-10 20:04 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-05-22 17:51 - 2011-10-26 18:36 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-20 10:49 - 2012-05-20 10:49 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-20 10:49 - 2012-05-20 10:49 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-05-20 10:49 - 2012-05-20 10:49 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-05-20 10:49 - 2012-05-20 10:49 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-20 10:49 - 2012-05-20 10:49 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-20 10:49 - 2012-05-20 10:49 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-16 12:44 - 2012-05-16 12:44 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-04 19:29 - 2012-07-10 20:52 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 19:29 - 2012-05-07 14:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-04 19:29 - 2010-05-08 09:09 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 09:05 - 2011-01-08 18:14 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-05-04 04:06 - 2012-06-13 13:07 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:03 - 2012-06-13 13:07 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 03:03 - 2012-06-13 13:07 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 22:40 - 2012-06-13 13:07 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 20:55 - 2012-06-13 13:07 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 10:08 - 2012-04-27 10:08 - 06801982 ____A C:\Users\Linda\Documents\LoaderBackup-(2012-04-27).ipd
2012-04-25 22:41 - 2012-06-13 13:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 22:41 - 2012-06-13 13:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 22:34 - 2012-06-13 13:07 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 22:37 - 2012-06-13 13:06 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 22:37 - 2012-06-13 13:06 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 22:37 - 2012-06-13 13:06 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 21:36 - 2012-06-13 13:06 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 21:36 - 2012-06-13 13:06 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 21:36 - 2012-06-13 13:06 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 04:50 - 2012-04-19 04:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts


ZeroAccess:
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L\00000004.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L\1afb2d56
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\00000004.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\00000008.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\000000cb.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000000.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000032.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000064.@

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 6111.02 MB
Available physical RAM: 4979.04 MB
Total Pagefile: 12220.24 MB
Available Pagefile: 11103.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:457.68 GB) (Free:391.27 GB) NTFS
2 Drive d: (LEXAR) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    No Media          0 B      0 B
Disk 2    No Media          0 B      0 B
Disk 3    Online          991 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery         8171 MB  1024 KB
Partition 2    Primary           100 MB  8172 MB
Partition 3    Primary           457 GB     8 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3       Recovery     NTFS   Partition   8171 MB  Healthy    Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1       System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    457 GB  Healthy    Boot

==================================================================================

Partitions of Disk 3:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           991 MB    16 KB

==================================================================================

Disk: 3
Partition 1
Type : 04
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6   D   LEXAR        FAT    Removable    991 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 09:51

======================= End Of Log ==========================

#6 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 12 July 2012 - 08:19 PM

Hello

We don't run Frst before we boot into advanced boot options. Please read the directions carefully. From the Advanced Boot Options select Repair your Computer. You will then see the System Recovery Option Menu and from there you will see the Command Prompt option. From there you can run Frst following the directions I gave you.


Please try it again.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 Lindarita

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Northern California

Posted 12 July 2012 - 09:18 PM

My apologies, Fireman4it. I misunderstood your instructions. Went back and redid it booting from the installation disk and got the Repair Your Computer option. Here are the results. Hope this is what you are looking for. Again, thanks!

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 12-07-2012 18:59:00
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [80384 2009-09-02] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Linda\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKU\Linda\...\Run: [ArcSoft] rundll32.exe "C:\Users\Linda\AppData\Local\ATI\ArcSoft\svvag.dll",CreateInstance [914944 2012-07-09] (Microsoft Corporation)
HKU\Linda\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5DBFBD58-DD01-4EFB-BBA9-EB13D11E42A6}: [NameServer]206.13.28.12
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Linda\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-11] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)
3 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-07-27] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-07-27] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-07-23] (Sony Corporation)

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
2 rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [86528 2009-07-31] (REDC)
2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-12 16:30 - 2012-07-12 16:42 - 00000000 ____D C:\FRST
2012-07-12 13:00 - 2012-07-12 13:00 - 00003641 ____A C:\Users\Linda\Desktop\Attach.zip
2012-07-12 12:59 - 2012-07-12 12:59 - 00010898 ____A C:\Users\Linda\Desktop\Attach.txt
2012-07-12 12:58 - 2012-07-12 12:58 - 00034570 ____A C:\Users\Linda\Desktop\DDS.txt
2012-07-12 12:56 - 2012-07-12 12:56 - 00001101 ____A C:\Users\Linda\Desktop\dds - Shortcut.lnk
2012-07-12 12:52 - 2012-07-12 12:52 - 00607260 ____R (Swearware) C:\Users\Linda\Downloads\dds.scr
2012-07-12 08:25 - 2012-07-12 08:25 - 00000000 ____D C:\Users\Linda\AppData\Local\{F0E8EA4D-68C5-4D3A-BABF-C6ED99249CA9}
2012-07-12 08:25 - 2012-07-12 08:25 - 00000000 ____D C:\Users\Linda\AppData\Local\{897F027A-4ADF-49D8-AC7F-FC86910513EA}
2012-07-11 20:23 - 2012-07-11 20:23 - 00000000 ____D C:\Users\Linda\AppData\Local\{987E40D3-DCC4-45D5-A095-D426492A55C9}
2012-07-11 08:02 - 2012-07-11 08:02 - 00000000 ____D C:\Users\Linda\AppData\Local\{AC94D161-39E6-4BAF-A2AB-B9DA5F0C4DA1}
2012-07-11 08:02 - 2012-07-11 08:02 - 00000000 ____D C:\Users\Linda\AppData\Local\{804468E8-428F-488E-8214-571661E0B216}
2012-07-10 20:19 - 2012-07-10 20:29 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-10 20:15 - 2012-07-10 20:15 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Linda\Downloads\tdsskiller.exe
2012-07-10 19:53 - 2012-07-10 19:53 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-10 19:52 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-10 19:51 - 2012-07-10 19:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-10 19:51 - 2012-07-10 19:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-10 19:43 - 2012-07-12 17:46 - 00000336 ____A C:\Windows\setupact.log
2012-07-10 19:43 - 2012-07-10 19:43 - 00000000 ____A C:\Windows\setuperr.log
2012-07-10 19:42 - 2012-07-12 16:36 - 00001488 ____A C:\Windows\PFRO.log
2012-07-10 19:11 - 2012-07-10 19:11 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 19:11 - 2012-07-10 19:11 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 19:11 - 2012-07-10 19:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 19:11 - 2012-07-10 19:11 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 19:11 - 2012-07-10 19:11 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 19:10 - 2012-07-10 19:10 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 19:10 - 2012-07-10 19:10 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 19:09 - 2012-07-10 19:09 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 19:09 - 2012-07-10 19:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 19:09 - 2012-07-10 19:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 19:08 - 2012-07-10 19:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 19:08 - 2012-07-10 19:08 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 19:08 - 2012-07-10 19:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 19:08 - 2012-07-10 19:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 19:08 - 2012-07-10 19:08 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll


============ 3 Months Modified Files ========================



ZeroAccess:
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L\00000004.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L\1afb2d56
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\00000004.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\00000008.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\000000cb.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000000.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000032.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6111.02 MB
Available physical RAM: 5379.59 MB
Total Pagefile: 6109.17 MB
Available Pagefile: 5375.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:457.68 GB) (Free:391.2 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:7.98 GB) (Free:0.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF
4 Drive g: (LEXAR) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 991 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 8171 MB 1024 KB
Partition 2 Primary 100 MB 8172 MB
Partition 3 Primary 457 GB 8 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 8171 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 457 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 991 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G LEXAR FAT Removable 991 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 08:51

======================= End Of Log ==========================

#8 fireman4it
Malware Response Team

Posted 13 July 2012 - 03:04 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


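Added example (not from this thread, from Farbar, or from FRST itself): a small Python triage of the FRST log layout posted above. It isolates the ZeroAccess directory into the one-path-per-line fixlist.txt form the helper used, and flags any Bamital/volsnap MD5 check or .exe association check that does not come back clean. The services.exe failure line in the sample is constructed to exercise that branch; FRST's real wording for a failed check may differ.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed excerpt in the layout of the FRST log posted above. The ZeroAccess,
# Bamital and EXE ASSOCIATION lines are copied from that log; the services.exe
# line is made up here to exercise the failure branch (FRST's own wording for a
# failed MD5 check may differ).
SAMPLE_LOG = r"""
ZeroAccess:
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\L\00000004.@
C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000032.@

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is NOT legit (constructed sample line)
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


@dataclass
class Triage:
    zeroaccess_root: Optional[str] = None                       # GUID dir under AppData\Local
    zeroaccess_markers: Set[str] = field(default_factory=set)   # "@", "L", "U" children seen
    bad_md5: List[str] = field(default_factory=list)            # binaries not "MD5 is legit"
    bad_assoc: List[str] = field(default_factory=list)          # .exe association keys not "OK"

    def fixlist(self) -> List[str]:
        """Lines for fixlist.txt in the one-path-per-line form used in the thread.
        Listing the root directory is enough: FRST moves it with @, L and U inside."""
        return [self.zeroaccess_root] if self.zeroaccess_root else []


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '=== Name ===' or 'Name:' header above them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if re.search(r"\w", m.group(1)):        # skip pure '=====' separator rules
                current = m.group(1).lower()
                sections.setdefault(current, [])
            continue
        if line.endswith(":") and " " not in line:  # bare headers such as "ZeroAccess:"
            current = line[:-1].lower()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> Triage:
    sections = split_sections(text)
    result = Triage()

    # ZeroAccess: FRST prints the GUID-named directory and then its "@", "L" and
    # "U" children; the entry with nothing after the GUID is the root to remove.
    for path in sections.get("zeroaccess", []):
        m = GUID_RE.search(path)
        if not m:
            continue
        tail = path[m.end():]
        if tail == "":
            result.zeroaccess_root = path
        else:
            result.zeroaccess_markers.add(tail.lstrip("\\").split("\\")[0])

    # Bamital & volsnap check: each critical binary must report "MD5 is legit".
    for line in sections.get("bamital & volsnap check", []):
        path, _, verdict = line.partition(" => ")
        if verdict.strip() != "MD5 is legit":
            result.bad_md5.append(path)

    # EXE association: a hijacked .exe handler runs before every program launched;
    # anything other than "OK" needs a look.
    for line in sections.get("exe association", []):
        key, _, verdict = line.rpartition(" => ")
        if verdict.strip() != "OK":
            result.bad_assoc.append(key)
    return result


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print("fixlist.txt lines:", t.fixlist())
    print("ZeroAccess markers:", sorted(t.zeroaccess_markers))
    print("MD5 not legit:", t.bad_md5, "| bad .exe association:", t.bad_assoc)
```
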
#9 Lindarita (Topic Starter)

Posted 13 July 2012 - 06:09 PM

Just ran the fix. Here's the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-13 16:02:18 Run:1
Running from G:\

==============================================

C:\Users\Linda\AppData\Local\{fb91fb6a-83be-9b99-b605-f5f9131d9af3} moved successfully.

==== End of Fixlog ====

#10 fireman4it
Malware Response Team

Posted 14 July 2012 - 11:08 AM

Hello,

Very good job. Now we can run some other tools to make sure nothing else is there.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • [screenshot of the prompt offering to install the Recovery Console]
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot of the message shown once the Recovery Console is installed]
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

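The TDSSKiller log this post asks for runs to hundreds of "- ok" lines, so as an added example (not code from this thread, from fireman4it, or from TDSSKiller's authors) here is a small Python triage script for that log format: it pairs each object's hash/path line with its verdict line and lists only what a helper would want to look at. The sample log, its placeholder MD5s and the "suspicious" verdict wording are constructed for the example, and the unusual-location check is this example's own heuristic, not something the tool does.

```python
"""Triage helper for a TDSSKiller scan log (added example; constructed sample data).

TDSSKiller writes two lines per scanned object: "<time> <pid> <name> (<md5>) <path>"
followed by "<time> <pid> <name> - <verdict>". Some objects (e.g. COMSysApp in the
thread's log) have only a verdict line because no backing file was found.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Object line: timestamp, process id, object name, 32-hex MD5 in parentheses, file path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# Verdict line: same prefix, then "<name> - <verdict>".
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)
# Heuristic of this example (not a TDSSKiller rule): where drivers and services
# normally live. Anything elsewhere is worth a look, not automatically malicious.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[ScanEntry]:
    """Pair object and verdict lines by name, keeping the order first seen.

    Only lines after "Scan started" are parsed, so the drive/partition header
    (which also contains " - ") is not mistaken for scan objects.
    """
    entries: Dict[str, ScanEntry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ScanEntry(m["name"]))
            entry.md5, entry.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ScanEntry(m["name"]))
            entry.verdict = m["verdict"]
    return list(entries.values())


def triage(entries: List[ScanEntry]) -> Dict[str, List[str]]:
    """Group object names a helper should review, by reason."""
    findings: Dict[str, List[str]] = {
        "non_ok_verdict": [],    # anything the tool did not mark "ok" (or left unmarked)
        "no_backing_file": [],   # registered object with no file found on disk
        "unusual_location": [],  # file outside the usual Windows/Program Files roots
    }
    for e in entries:
        if e.verdict is None or e.verdict.lower() != "ok":
            findings["non_ok_verdict"].append(e.name)
        if e.path is None:
            findings["no_backing_file"].append(e.name)
        elif not e.path.lower().startswith(EXPECTED_ROOTS):
            findings["unusual_location"].append(e.name)
    return findings


# Constructed sample modelled on the thread's log. MD5s are placeholders and the
# "suspicious" verdict wording is an assumption, not TDSSKiller's actual output.
SAMPLE_LOG = r"""
11:43:49.0416 10204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb)
11:44:24.0439 1320 ============================================================
11:44:24.0439 1320 Scan started
11:44:24.0439 1320 Mode: Manual;
11:44:25.0765 1320 1394ohci (00000000000000000000000000000001) C:\Windows\system32\drivers\1394ohci.sys
11:44:25.0780 1320 1394ohci - ok
11:44:26.0732 1320 AMD External Events Utility (00000000000000000000000000000002) C:\Windows\system32\atiesrxx.exe
11:44:26.0732 1320 AMD External Events Utility - ok
11:44:30.0601 1320 COMSysApp - ok
11:44:40.0100 1320 example_drv (00000000000000000000000000000003) C:\Users\Linda\AppData\Local\Temp\example_drv.sys
11:44:40.0110 1320 example_drv - suspicious (constructed verdict)
"""

if __name__ == "__main__":
    for reason, names in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{reason}: {names or '-'}")
```

Run it against a real TDSSKiller_*_log.txt by reading the file into `parse_tdsskiller_log`; an empty result from `triage` means every object had a file in an expected location and was marked ok.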

#11 Lindarita

Lindarita
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Northern California
  • Local time:12:02 AM

Posted 14 July 2012 - 03:09 PM

Hi Fireman4it. It worked! No more Google redirects!!! Thank you SO much!!!!

Linda

.......................................................................................
TDSSKILLER LOG:
11:43:47.0856 10204 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
11:43:48.0386 10204 ============================================================
11:43:48.0386 10204 Current date / time: 2012/07/14 11:43:48.0386
11:43:48.0386 10204 SystemInfo:
11:43:48.0386 10204
11:43:48.0386 10204 OS Version: 6.1.7601 ServicePack: 1.0
11:43:48.0386 10204 Product type: Workstation
11:43:48.0386 10204 ComputerName: LINDA-VAIO
11:43:48.0386 10204 UserName: Linda
11:43:48.0386 10204 Windows directory: C:\Windows
11:43:48.0386 10204 System windows directory: C:\Windows
11:43:48.0386 10204 Running under WOW64
11:43:48.0386 10204 Processor architecture: Intel x64
11:43:48.0386 10204 Number of processors: 2
11:43:48.0386 10204 Page size: 0x1000
11:43:48.0386 10204 Boot type: Normal boot
11:43:48.0386 10204 ============================================================
11:43:49.0416 10204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:43:49.0431 10204 Drive \Device\Harddisk3\DR3 - Size: 0x3DF80000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:43:49.0447 10204 ============================================================
11:43:49.0447 10204 \Device\Harddisk0\DR0:
11:43:49.0447 10204 MBR partitions:
11:43:49.0447 10204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFF6000, BlocksNum 0x32000
11:43:49.0447 10204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1028000, BlocksNum 0x3935D830
11:43:49.0447 10204 \Device\Harddisk3\DR3:
11:43:49.0447 10204 MBR partitions:
11:43:49.0447 10204 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x1EFBE0
11:43:49.0447 10204 ============================================================
11:43:49.0478 10204 C: <-> \Device\Harddisk0\DR0\Partition1
11:43:49.0478 10204 ============================================================
11:43:49.0478 10204 Initialize success
11:43:49.0478 10204 ============================================================
11:44:24.0439 1320 ============================================================
11:44:24.0439 1320 Scan started
11:44:24.0439 1320 Mode: Manual;
11:44:24.0439 1320 ============================================================
11:44:36.0997 1320 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:44:37.0012 1320 MpsSvc - ok
11:44:37.0075 1320 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:44:37.0075 1320 MRxDAV - ok
11:44:37.0122 1320 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:44:37.0137 1320 mrxsmb - ok
11:44:37.0184 1320 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:44:37.0184 1320 mrxsmb10 - ok
11:44:37.0231 1320 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:44:37.0231 1320 mrxsmb20 - ok
11:44:37.0278 1320 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:44:37.0278 1320 msahci - ok
11:44:37.0340 1320 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:44:37.0340 1320 msdsm - ok
11:44:37.0387 1320 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:44:37.0402 1320 MSDTC - ok
11:44:37.0449 1320 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:44:37.0449 1320 Msfs - ok
11:44:37.0465 1320 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:44:37.0465 1320 mshidkmdf - ok
11:44:37.0496 1320 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:44:37.0496 1320 msisadrv - ok
11:44:37.0527 1320 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:44:37.0543 1320 MSiSCSI - ok
11:44:37.0558 1320 msiserver - ok
11:44:37.0574 1320 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:44:37.0574 1320 MSKSSRV - ok
11:44:37.0590 1320 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:44:37.0590 1320 MSPCLOCK - ok
11:44:37.0605 1320 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:44:37.0605 1320 MSPQM - ok
11:44:37.0652 1320 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:44:37.0652 1320 MsRPC - ok
11:44:37.0699 1320 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:44:37.0699 1320 mssmbios - ok
11:44:37.0714 1320 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:44:37.0730 1320 MSTEE - ok
11:44:37.0730 1320 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:44:37.0730 1320 MTConfig - ok
11:44:37.0761 1320 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:44:37.0761 1320 Mup - ok
11:44:37.0808 1320 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:44:37.0808 1320 napagent - ok
11:44:37.0870 1320 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:44:37.0870 1320 NativeWifiP - ok
11:44:37.0964 1320 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:44:37.0980 1320 NDIS - ok
11:44:38.0026 1320 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:44:38.0026 1320 NdisCap - ok
11:44:38.0042 1320 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:44:38.0042 1320 NdisTapi - ok
11:44:38.0089 1320 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:44:38.0089 1320 Ndisuio - ok
11:44:38.0136 1320 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:44:38.0136 1320 NdisWan - ok
11:44:38.0198 1320 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:44:38.0198 1320 NDProxy - ok
11:44:38.0245 1320 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:44:38.0245 1320 NetBIOS - ok
11:44:38.0307 1320 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:44:38.0307 1320 NetBT - ok
11:44:38.0354 1320 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:44:38.0354 1320 Netlogon - ok
11:44:38.0416 1320 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:44:38.0416 1320 Netman - ok
11:44:38.0463 1320 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:44:38.0479 1320 netprofm - ok
11:44:38.0557 1320 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:44:38.0557 1320 NetTcpPortSharing - ok
11:44:38.0869 1320 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
11:44:38.0994 1320 netw5v64 - ok
11:44:39.0118 1320 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:44:39.0118 1320 nfrd960 - ok
11:44:39.0181 1320 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:44:39.0181 1320 NlaSvc - ok
11:44:39.0212 1320 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:44:39.0212 1320 Npfs - ok
11:44:39.0243 1320 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:44:39.0259 1320 nsi - ok
11:44:39.0274 1320 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:44:39.0274 1320 nsiproxy - ok
11:44:39.0430 1320 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:44:39.0446 1320 Ntfs - ok
11:44:39.0555 1320 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:44:39.0555 1320 Null - ok
11:44:39.0618 1320 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:44:39.0618 1320 nvraid - ok
11:44:39.0649 1320 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:44:39.0649 1320 nvstor - ok
11:44:39.0664 1320 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:44:39.0664 1320 nv_agp - ok
11:44:39.0789 1320 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:44:39.0789 1320 odserv - ok
11:44:39.0836 1320 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:44:39.0836 1320 ohci1394 - ok
11:44:39.0852 1320 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:44:39.0867 1320 ose - ok
11:44:39.0914 1320 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:44:39.0914 1320 p2pimsvc - ok
11:44:39.0976 1320 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:44:39.0992 1320 p2psvc - ok
11:44:40.0023 1320 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:44:40.0023 1320 Parport - ok
11:44:40.0070 1320 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:44:40.0070 1320 partmgr - ok
11:44:40.0101 1320 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:44:40.0101 1320 PcaSvc - ok
11:44:40.0148 1320 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:44:40.0148 1320 pci - ok
11:44:40.0164 1320 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:44:40.0179 1320 pciide - ok
11:44:40.0210 1320 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:44:40.0226 1320 pcmcia - ok
11:44:40.0242 1320 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:44:40.0242 1320 pcw - ok
11:44:40.0288 1320 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:44:40.0304 1320 PEAUTH - ok
11:44:40.0382 1320 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:44:40.0382 1320 PerfHost - ok
11:44:40.0538 1320 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:44:40.0569 1320 pla - ok
11:44:40.0616 1320 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:44:40.0632 1320 PlugPlay - ok
11:44:40.0663 1320 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:44:40.0663 1320 PNRPAutoReg - ok
11:44:40.0678 1320 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:44:40.0694 1320 PNRPsvc - ok
11:44:40.0756 1320 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:44:40.0772 1320 PolicyAgent - ok
11:44:40.0819 1320 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:44:40.0819 1320 Power - ok
11:44:40.0881 1320 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:44:40.0881 1320 PptpMiniport - ok
11:44:40.0912 1320 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:44:40.0912 1320 Processor - ok
11:44:40.0959 1320 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:44:40.0975 1320 ProfSvc - ok
11:44:41.0022 1320 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:44:41.0022 1320 ProtectedStorage - ok
11:44:41.0084 1320 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:44:41.0084 1320 Psched - ok
11:44:41.0131 1320 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
11:44:41.0131 1320 PxHlpa64 - ok
11:44:41.0240 1320 QBCFMonitorService (5fa5863e603426b0b52762492a032dee) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:44:41.0240 1320 QBCFMonitorService - ok
11:44:41.0287 1320 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:44:41.0287 1320 QBFCService - ok
11:44:41.0396 1320 QBVSS (9e5e9af398d1ae13b67b623d5c695ba9) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
11:44:41.0396 1320 QBVSS - ok
11:44:41.0599 1320 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:44:41.0630 1320 ql2300 - ok
11:44:41.0739 1320 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:44:41.0739 1320 ql40xx - ok
11:44:41.0802 1320 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:44:41.0817 1320 QWAVE - ok
11:44:41.0848 1320 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:44:41.0848 1320 QWAVEdrv - ok
11:44:41.0864 1320 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:44:41.0864 1320 RasAcd - ok
11:44:41.0895 1320 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:44:41.0895 1320 RasAgileVpn - ok
11:44:41.0911 1320 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:44:41.0911 1320 RasAuto - ok
11:44:41.0958 1320 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:44:41.0958 1320 Rasl2tp - ok
11:44:42.0004 1320 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:44:42.0020 1320 RasMan - ok
11:44:42.0036 1320 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:44:42.0036 1320 RasPppoe - ok
11:44:42.0051 1320 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:44:42.0067 1320 RasSstp - ok
11:44:42.0114 1320 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:44:42.0114 1320 rdbss - ok
11:44:42.0160 1320 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:44:42.0160 1320 rdpbus - ok
11:44:42.0176 1320 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:44:42.0176 1320 RDPCDD - ok
11:44:42.0192 1320 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:44:42.0192 1320 RDPENCDD - ok
11:44:42.0207 1320 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:44:42.0207 1320 RDPREFMP - ok
11:44:42.0254 1320 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:44:42.0270 1320 RDPWD - ok
11:44:42.0316 1320 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:44:42.0332 1320 rdyboost - ok
11:44:42.0363 1320 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
11:44:42.0379 1320 regi - ok
11:44:42.0426 1320 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:44:42.0426 1320 RemoteAccess - ok
11:44:42.0472 1320 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:44:42.0472 1320 RemoteRegistry - ok
11:44:42.0504 1320 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:44:42.0519 1320 RFCOMM - ok
11:44:42.0550 1320 rimsptsk (258aadb43e3f3468b5cf8cb0f84872c2) C:\Windows\system32\DRIVERS\rimssn64.sys
11:44:42.0550 1320 rimsptsk - ok
11:44:42.0597 1320 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:44:42.0597 1320 RimUsb - ok
11:44:42.0644 1320 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:44:42.0644 1320 RimVSerPort - ok
11:44:42.0675 1320 risdptsk (71e182a0de1cecb3f912960716345405) C:\Windows\system32\DRIVERS\risdsn64.sys
11:44:42.0675 1320 risdptsk - ok
11:44:42.0691 1320 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
11:44:42.0691 1320 ROOTMODEM - ok
11:44:42.0738 1320 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:44:42.0738 1320 RpcEptMapper - ok
11:44:42.0769 1320 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:44:42.0769 1320 RpcLocator - ok
11:44:42.0831 1320 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:44:42.0831 1320 RpcSs - ok
11:44:42.0847 1320 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:44:42.0862 1320 rspndr - ok
11:44:42.0894 1320 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
11:44:42.0894 1320 RTHDMIAzAudService - ok
11:44:42.0956 1320 RtkAudioService (01e6a1e53e39a0b1e2b6ae62bf52e8ec) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
11:44:42.0956 1320 RtkAudioService - ok
11:44:43.0018 1320 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:44:43.0018 1320 SamSs - ok
11:44:43.0065 1320 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:44:43.0065 1320 sbp2port - ok
11:44:43.0128 1320 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:44:43.0143 1320 SCardSvr - ok
11:44:43.0174 1320 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:44:43.0190 1320 scfilter - ok
11:44:43.0284 1320 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:44:43.0315 1320 Schedule - ok
11:44:43.0346 1320 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:44:43.0346 1320 SCPolicySvc - ok
11:44:43.0393 1320 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:44:43.0393 1320 sdbus - ok
11:44:43.0440 1320 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:44:43.0440 1320 SDRSVC - ok
11:44:43.0549 1320 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:44:43.0549 1320 SeaPort - ok
11:44:43.0596 1320 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:44:43.0596 1320 secdrv - ok
11:44:43.0627 1320 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:44:43.0627 1320 seclogon - ok
11:44:43.0658 1320 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:44:43.0658 1320 SENS - ok
11:44:43.0674 1320 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:44:43.0674 1320 SensrSvc - ok
11:44:43.0705 1320 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:44:43.0705 1320 Serenum - ok
11:44:43.0736 1320 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:44:43.0736 1320 Serial - ok
11:44:43.0783 1320 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:44:43.0783 1320 sermouse - ok
11:44:43.0845 1320 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:44:43.0861 1320 SessionEnv - ok
11:44:43.0892 1320 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
11:44:43.0892 1320 SFEP - ok
11:44:43.0939 1320 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:44:43.0954 1320 sffdisk - ok
11:44:43.0986 1320 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:44:44.0001 1320 sffp_mmc - ok
11:44:44.0017 1320 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:44:44.0017 1320 sffp_sd - ok
11:44:44.0048 1320 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:44:44.0048 1320 sfloppy - ok
11:44:44.0095 1320 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:44:44.0095 1320 SharedAccess - ok
11:44:44.0188 1320 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:44:44.0204 1320 ShellHWDetection - ok
11:44:44.0235 1320 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:44:44.0235 1320 SiSRaid2 - ok
11:44:44.0266 1320 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:44:44.0266 1320 SiSRaid4 - ok
11:44:44.0282 1320 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:44:44.0282 1320 Smb - ok
11:44:44.0329 1320 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:44:44.0329 1320 SNMPTRAP - ok
11:44:44.0391 1320 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
11:44:44.0407 1320 SOHCImp - ok
11:44:44.0438 1320 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
11:44:44.0438 1320 SOHDBSvr - ok
11:44:44.0485 1320 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
11:44:44.0500 1320 SOHDms - ok
11:44:44.0532 1320 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
11:44:44.0532 1320 SOHDs - ok
11:44:44.0563 1320 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
11:44:44.0578 1320 SOHPlMgr - ok
11:44:44.0610 1320 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:44:44.0610 1320 spldr - ok
11:44:44.0672 1320 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:44:44.0672 1320 Spooler - ok
11:44:44.0922 1320 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:44:44.0953 1320 sppsvc - ok
11:44:45.0031 1320 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:44:45.0046 1320 sppuinotify - ok
11:44:45.0124 1320 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:44:45.0124 1320 srv - ok
11:44:45.0202 1320 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:44:45.0202 1320 srv2 - ok
11:44:45.0234 1320 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:44:45.0234 1320 srvnet - ok
11:44:45.0280 1320 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:44:45.0296 1320 SSDPSRV - ok
11:44:45.0327 1320 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:44:45.0327 1320 SstpSvc - ok
11:44:45.0343 1320 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:44:45.0358 1320 stexstor - ok
11:44:45.0405 1320 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:44:45.0421 1320 stisvc - ok
11:44:45.0452 1320 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:44:45.0452 1320 swenum - ok
11:44:45.0530 1320 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:44:45.0546 1320 swprv - ok
11:44:45.0686 1320 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:44:45.0733 1320 SysMain - ok
11:44:45.0826 1320 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:44:45.0842 1320 TabletInputService - ok
11:44:45.0873 1320 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:44:45.0889 1320 TapiSrv - ok
11:44:45.0920 1320 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:44:45.0920 1320 TBS - ok
11:44:46.0045 1320 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:44:46.0076 1320 Tcpip - ok
11:44:46.0294 1320 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:44:46.0310 1320 TCPIP6 - ok
11:44:46.0435 1320 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:44:46.0450 1320 tcpipreg - ok
11:44:46.0497 1320 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:44:46.0497 1320 TDPIPE - ok
11:44:46.0528 1320 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:44:46.0528 1320 TDTCP - ok
11:44:46.0591 1320 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:44:46.0591 1320 tdx - ok
11:44:46.0638 1320 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:44:46.0653 1320 TermDD - ok
11:44:46.0716 1320 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:44:46.0731 1320 TermService - ok
11:44:46.0762 1320 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:44:46.0778 1320 Themes - ok
11:44:46.0794 1320 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:44:46.0794 1320 THREADORDER - ok
11:44:46.0825 1320 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:44:46.0825 1320 TrkWks - ok
11:44:46.0887 1320 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:44:46.0887 1320 TrustedInstaller - ok
11:44:46.0950 1320 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:44:46.0950 1320 tssecsrv - ok
11:44:46.0981 1320 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:44:46.0981 1320 TsUsbFlt - ok
11:44:47.0043 1320 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:44:47.0043 1320 tunnel - ok
11:44:47.0074 1320 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:44:47.0074 1320 uagp35 - ok
11:44:47.0137 1320 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
11:44:47.0137 1320 uCamMonitor - ok
11:44:47.0199 1320 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:44:47.0199 1320 udfs - ok
11:44:47.0262 1320 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:44:47.0277 1320 UI0Detect - ok
11:44:47.0324 1320 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:44:47.0324 1320 uliagpkx - ok
11:44:47.0371 1320 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:44:47.0371 1320 umbus - ok
11:44:47.0418 1320 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:44:47.0418 1320 UmPass - ok
11:44:47.0464 1320 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:44:47.0480 1320 upnphost - ok
11:44:47.0511 1320 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:44:47.0511 1320 USBAAPL64 - ok
11:44:47.0542 1320 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:44:47.0542 1320 usbccgp - ok
11:44:47.0574 1320 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:44:47.0574 1320 usbcir - ok
11:44:47.0620 1320 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:44:47.0620 1320 usbehci - ok
11:44:47.0652 1320 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:44:47.0652 1320 usbhub - ok
11:44:47.0683 1320 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:44:47.0683 1320 usbohci - ok
11:44:47.0714 1320 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:44:47.0714 1320 usbprint - ok
11:44:47.0730 1320 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
11:44:47.0745 1320 USBSTOR - ok
11:44:47.0761 1320 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:44:47.0761 1320 usbuhci - ok
11:44:47.0808 1320 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:44:47.0823 1320 usbvideo - ok
11:44:47.0854 1320 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:44:47.0854 1320 UxSms - ok
11:44:47.0948 1320 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
11:44:47.0948 1320 VAIO Event Service - ok
11:44:48.0042 1320 VAIO Power Management (2d6605c1f0bbd0f71a4cb3a5b1e07240) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
11:44:48.0057 1320 VAIO Power Management - ok
11:44:48.0088 1320 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:44:48.0088 1320 VaultSvc - ok
11:44:48.0182 1320 VCFw (06fe5beddadb158d84e6de33cbe19f3e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
11:44:48.0198 1320 VCFw - ok
11:44:48.0260 1320 VcmIAlzMgr (34063c0b842e73662067f9b03947c55c) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
11:44:48.0276 1320 VcmIAlzMgr - ok
11:44:48.0322 1320 VcmINSMgr (a8f5d1651a324abc6c308891a1252ee3) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
11:44:48.0338 1320 VcmINSMgr - ok
11:44:48.0400 1320 VcmXmlIfHelper (db544b487f360128dc1c383e0a6fcc2f) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
11:44:48.0416 1320 VcmXmlIfHelper - ok
11:44:48.0432 1320 Vcsw - ok
11:44:48.0556 1320 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:44:48.0572 1320 vdrvroot - ok
11:44:48.0634 1320 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:44:48.0650 1320 vds - ok
11:44:48.0681 1320 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:44:48.0697 1320 vga - ok
11:44:48.0712 1320 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:44:48.0712 1320 VgaSave - ok
11:44:48.0759 1320 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:44:48.0759 1320 vhdmp - ok
11:44:48.0775 1320 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:44:48.0775 1320 viaide - ok
11:44:48.0790 1320 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:44:48.0790 1320 volmgr - ok
11:44:48.0837 1320 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:44:48.0853 1320 volmgrx - ok
11:44:48.0884 1320 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:44:48.0884 1320 volsnap - ok
11:44:48.0915 1320 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:44:48.0931 1320 vsmraid - ok
11:44:49.0040 1320 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:44:49.0071 1320 VSS - ok
11:44:49.0180 1320 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:44:49.0196 1320 vwifibus - ok
11:44:49.0258 1320 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:44:49.0274 1320 W32Time - ok
11:44:49.0336 1320 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:44:49.0336 1320 WacomPen - ok
11:44:49.0383 1320 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:49.0383 1320 WANARP - ok
11:44:49.0399 1320 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:49.0399 1320 Wanarpv6 - ok
11:44:49.0508 1320 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:44:49.0524 1320 WatAdminSvc - ok
11:44:49.0664 1320 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:44:49.0680 1320 wbengine - ok
11:44:49.0773 1320 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:44:49.0789 1320 WbioSrvc - ok
11:44:49.0867 1320 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:44:49.0867 1320 wcncsvc - ok
11:44:49.0898 1320 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:44:49.0914 1320 WcsPlugInService - ok
11:44:49.0929 1320 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:44:49.0929 1320 Wd - ok
11:44:49.0992 1320 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:44:49.0992 1320 Wdf01000 - ok
11:44:50.0023 1320 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:44:50.0023 1320 WdiServiceHost - ok
11:44:50.0038 1320 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:44:50.0038 1320 WdiSystemHost - ok
11:44:50.0085 1320 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:44:50.0101 1320 WebClient - ok
11:44:50.0148 1320 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:44:50.0148 1320 Wecsvc - ok
11:44:50.0163 1320 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:44:50.0179 1320 wercplsupport - ok
11:44:50.0179 1320 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:44:50.0194 1320 WerSvc - ok
11:44:50.0226 1320 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:44:50.0241 1320 WfpLwf - ok
11:44:50.0257 1320 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:44:50.0272 1320 WIMMount - ok
11:44:50.0288 1320 WinDefend - ok
11:44:50.0304 1320 WinHttpAutoProxySvc - ok
11:44:50.0366 1320 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:44:50.0382 1320 Winmgmt - ok
11:44:50.0506 1320 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:44:50.0538 1320 WinRM - ok
11:44:50.0662 1320 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:44:50.0678 1320 WinUsb - ok
11:44:50.0772 1320 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:44:50.0787 1320 Wlansvc - ok
11:44:51.0006 1320 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:44:51.0021 1320 wlidsvc - ok
11:44:51.0146 1320 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:44:51.0146 1320 WmiAcpi - ok
11:44:51.0224 1320 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:44:51.0224 1320 wmiApSrv - ok
11:44:51.0271 1320 WMPNetworkSvc - ok
11:44:51.0318 1320 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:44:51.0318 1320 WPCSvc - ok
11:44:51.0380 1320 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:44:51.0396 1320 WPDBusEnum - ok
11:44:51.0442 1320 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:44:51.0442 1320 ws2ifsl - ok
11:44:51.0474 1320 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:44:51.0474 1320 wscsvc - ok
11:44:51.0520 1320 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:44:51.0520 1320 WSDPrintDevice - ok
11:44:51.0567 1320 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
11:44:51.0567 1320 WSDScan - ok
11:44:51.0583 1320 WSearch - ok
11:44:51.0770 1320 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:44:51.0801 1320 wuauserv - ok
11:44:51.0910 1320 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:44:51.0910 1320 WudfPf - ok
11:44:51.0957 1320 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:44:51.0957 1320 WUDFRd - ok
11:44:52.0004 1320 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:44:52.0004 1320 wudfsvc - ok
11:44:52.0051 1320 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:44:52.0066 1320 WwanSvc - ok
11:44:52.0098 1320 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:44:52.0113 1320 yukonw7 - ok
11:44:52.0160 1320 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:44:52.0332 1320 \Device\Harddisk0\DR0 - ok
11:44:52.0332 1320 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
11:44:52.0347 1320 \Device\Harddisk3\DR3 - ok
11:44:52.0347 1320 Boot (0x1200) (b45f99075caea4cad741453908059d48) \Device\Harddisk0\DR0\Partition0
11:44:52.0347 1320 \Device\Harddisk0\DR0\Partition0 - ok
11:44:52.0347 1320 Boot (0x1200) (e6638e46f55087b6be283558fd847096) \Device\Harddisk0\DR0\Partition1
11:44:52.0347 1320 \Device\Harddisk0\DR0\Partition1 - ok
11:44:52.0363 1320 Boot (0x1200) (d9bbbfe4c6805cb22f74441ccd6c941e) \Device\Harddisk3\DR3\Partition0
11:44:52.0363 1320 \Device\Harddisk3\DR3\Partition0 - ok
11:44:52.0363 1320 ============================================================
11:44:52.0363 1320 Scan finished
11:44:52.0363 1320 ============================================================
11:44:52.0363 4836 Detected object count: 0
11:44:52.0363 4836 Actual detected object count: 0
11:45:03.0049 10200 Deinitialize success

..............................................................................................
COMBOFIX LOG:

ComboFix 12-07-14.01 - Linda 07/14/2012 12:03:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6111.4231 [GMT -7:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Linda\AppData\Local\ATI\ArcSoft\svvag.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 19:18 . 2012-07-14 19:18 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-07-14 19:18 . 2012-07-14 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 00:30 . 2012-07-13 00:42 -------- d-----w- C:\FRST
2012-07-11 04:19 . 2012-07-11 04:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-11 03:53 . 2012-07-11 03:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-11 03:53 . 2012-07-11 03:53 -------- d-----w- c:\program files (x86)\Oracle
2012-07-11 03:07 . 2012-07-11 03:07 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-11 03:07 . 2012-07-11 03:07 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-11 03:04 . 2012-05-24 17:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-11 02:26 . 2012-07-11 02:26 -------- d-----w- c:\programdata\IObit
2012-07-11 02:26 . 2012-07-11 02:26 -------- d-----w- c:\users\Linda\AppData\Roaming\IObit
2012-07-11 02:26 . 2012-07-11 02:26 -------- d-----w- c:\program files (x86)\IObit
2012-07-11 02:10 . 2012-07-11 02:10 -------- d-----w- c:\users\Linda\AppData\Roaming\ParetoLogic
2012-07-11 02:10 . 2012-07-11 02:10 -------- d-----w- c:\users\Linda\AppData\Roaming\DriverCure
2012-07-11 02:10 . 2012-07-11 03:34 -------- d-----w- c:\programdata\ParetoLogic
2012-07-07 23:32 . 2011-07-20 21:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-07-07 23:31 . 2012-07-07 23:31 -------- d-----w- c:\programdata\Research In Motion
2012-07-07 23:31 . 2012-07-07 23:31 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-06-24 17:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 17:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 17:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 17:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 17:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 17:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 17:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 17:54 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 17:54 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:50 . 2012-04-26 15:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:50 . 2011-06-07 18:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:53 . 2011-10-27 01:36 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-11 18:53 . 2011-10-27 01:36 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-11 18:53 . 2011-10-27 01:36 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-23 00:51 . 2011-10-27 01:36 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-20 17:49 . 2012-05-20 17:49 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-20 17:49 . 2012-05-20 17:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-05 02:29 . 2012-05-07 21:47 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 02:29 . 2010-05-08 16:09 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 20:07 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 20:07 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 20:07 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 20:07 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 20:07 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 16:59 . 2012-04-27 16:59 53248 ----a-r- c:\users\Linda\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-04-26 05:41 . 2012-06-13 20:07 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 20:07 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 20:07 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 20:06 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 20:06 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 20:06 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 20:06 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 20:06 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 20:06 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-20 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-4-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2012-4-9 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08 133104]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08 133104]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-03-09 1248256]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-03 35104]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 17:50]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08 13:01]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08 13:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.sfgate.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DBFBD58-DD01-4EFB-BBA9-EB13D11E42A6}: NameServer = 206.13.28.12
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ArcSoft - c:\users\Linda\AppData\Local\ATI\ArcSoft\svvag.dll
SafeBoot-42843952.sys
SafeBoot-46982048.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-14 12:49:20
ComboFix-quarantined-files.txt 2012-07-14 19:49
.
Pre-Run: 421,926,957,056 bytes free
Post-Run: 421,489,606,656 bytes free
.
- - End Of File - - 9DD70BE82206952220E9657A1656116B

#12 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 July 2012 - 04:33 PM

Hello,

Glad to hear things are better. Let's run a couple other scanners for any leftovers.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 Lindarita
  • Topic Starter
  • Members
  • 8 posts
  • Gender:Female
  • Location:Northern California

Posted 14 July 2012 - 10:03 PM

Google still working great! Here are log files from MBAM & ESET:
................................................

MBAM:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Linda :: LINDA-VAIO [administrator]

Protection: Enabled

7/14/2012 2:49:06 PM
mbam-log-2012-07-14 (14-49-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240690
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

................................................
ESET:
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Linda\AppData\Local\ATI\ArcSoft\svvag.dll.vir a variant of Win32/Kryptik.AIGL trojan cleaned by deleting - quarantined
C:\Users\Linda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4ab1522c-2b8e08c5 multiple threats deleted - quarantined
C:\Users\Linda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\25983abb-42116eed multiple threats deleted - quarantined
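The ESET export above lists one detection per line in the form path, detection name, action taken. As an added example (not part of this thread, and not ESET's or BleepingComputer's own tooling), here is a small Python parser that turns such lines into records and summarizes them the way a helper reads them: which malware families were seen, and how many of the hits were live files versus copies already sitting in another tool's quarantine folder (the FRST and Qoobox paths above are the quarantine folders of FRST and ComboFix, so those five hits were already neutralized before ESET ran; only the two Java cache entries were in live locations). The names Detection, parse_line, parse_eset_log and summarize are this example's own, and the sample input is the log text from the post reproduced as a constructed constant.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the detection lines from the ESET export posted
# above, reproduced here so the example runs offline.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{fb91fb6a-83be-9b99-b605-f5f9131d9af3}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Linda\AppData\Local\ATI\ArcSoft\svvag.dll.vir a variant of Win32/Kryptik.AIGL trojan cleaned by deleting - quarantined
C:\Users\Linda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4ab1522c-2b8e08c5 multiple threats deleted - quarantined
C:\Users\Linda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\25983abb-42116eed multiple threats deleted - quarantined
"""

# One result line: <path> <detection name> <action> [- <outcome>]
# The path is taken as the first whitespace-free token (an assumption that
# holds for the log above; paths with spaces would need a smarter split).
LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+"
    r"(?P<threat>.+?)\s+"
    r"(?P<action>cleaned by deleting|error while cleaning|deleted|cleaned)"
    r"(?:\s+-\s+(?P<outcome>[a-z ]+))?\s*$"
)

# Detection name such as "a variant of Win32/Sirefef.FD trojan" -> family "Sirefef"
FAMILY_RE = re.compile(r"(?P<platform>\w+)/(?P<family>[A-Za-z0-9_]+)(?:\.(?P<variant>\w+))?")

# Hits inside another tool's quarantine folder (FRST, ComboFix's Qoobox) are
# already-neutralised copies rather than files that were live on the system.
QUARANTINE_RE = re.compile(r"\\Quarantine\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    outcome: Optional[str]
    family: str
    already_quarantined: bool


def parse_line(line: str) -> Optional[Detection]:
    """Parse one result line; return None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    threat = m.group("threat")
    fam = FAMILY_RE.search(threat)
    return Detection(
        path=m.group("path"),
        threat=threat,
        action=m.group("action"),
        outcome=m.group("outcome"),
        # Names without a platform/family part (e.g. "multiple threats") are kept as-is.
        family=fam.group("family") if fam else threat,
        already_quarantined=bool(QUARANTINE_RE.search(m.group("path"))),
    )


def parse_eset_log(text: str) -> List[Detection]:
    """Parse every non-blank line of an export, skipping lines that do not parse."""
    found: List[Detection] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        det = parse_line(line)
        if det is not None:
            found.append(det)
    return found


def summarize(detections: List[Detection]) -> Dict[str, object]:
    """Counts a helper looks at first: families seen, and live hits versus
    copies that were already sitting in another tool's quarantine."""
    by_family = Counter(d.family for d in detections)
    quarantined = sum(1 for d in detections if d.already_quarantined)
    return {
        "total": len(detections),
        "by_family": dict(by_family),
        "already_quarantined": quarantined,
        "live_locations": len(detections) - quarantined,
        "live_paths": [d.path for d in detections if not d.already_quarantined],
    }


if __name__ == "__main__":
    s = summarize(parse_eset_log(SAMPLE_LOG))
    print(f"{s['total']} detections, {s['already_quarantined']} already in quarantine folders")
    for family, n in sorted(s["by_family"].items()):
        print(f"  {family}: {n}")
    for p in s["live_paths"]:
        print(f"  live file: {p}")
```

Run on the log above it reports three Sirefef hits (the ZeroAccess family behind this kind of search redirect), one Agent, one Kryptik and two "multiple threats" entries, with five of the seven already in quarantine folders and the two Java cache files as the only live locations.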

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 July 2012 - 03:55 PM

Hello, Lindarita.
Congratulations! You now appear clean! :cool:

Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on the Start button, then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall


    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right click and choose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.



#15 Lindarita

Lindarita
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Northern California

Posted 16 July 2012 - 11:26 AM

I've removed Combofix and done the cleanup per the instructions above. Everything is working great. Again, many thanks for your help, and for being so thorough and responsive! I really do appreciate it!



