
infected with w32 sirefef no internet


  • This topic is locked
49 replies to this topic

#1 r8der

  • Members

Posted 30 July 2012 - 10:06 PM

After being infected with w32 sirefef virus I can no longer access the internet. When I open Internet Explorer 32 bit I get the message "This page cannot be displayed" but when I open Internet Explorer 64 bit I can go online but I can't update my anti virus programs.
Please help.
I am running Windows 7 home edition 64 bit

http://www.bleepingcomputer.com/forums/topic463009.html

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sickness5150 at 17:51:17 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8155.6134 [GMT -7:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Remote Mouse] "C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe"
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00105-0000-0005-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EA2A2886-48B0-4AEC-B65D-69D5468435DF} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-5-16 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-6-19 173056]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-8-9 974944]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-16 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-16 128280]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-30 655944]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-5-16 1695040]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-16 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-27 76960]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-16 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 rspSanity;rspSanity;C:\Windows\system32\DRIVERS\rspSanity64.sys --> C:\Windows\system32\DRIVERS\rspSanity64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBSFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
=============== Created Last 30 ================
.
2012-07-31 00:47:32 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB9069C9-B353-4351-9E1B-A09A7D77F664}\offreg.dll
2012-07-31 00:36:24 -------- d-----w- C:\Windows\pss
2012-07-31 00:28:22 -------- d-----w- C:\BrownSW
2012-07-30 23:25:24 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-07-30 23:22:41 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-30 23:22:37 -------- d--h--w- C:\Windows\AxInstSV
2012-07-30 21:54:51 -------- d-----w- C:\Program Files\CCleaner
2012-07-30 21:24:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-30 21:24:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-30 04:34:31 -------- d-----w- C:\FRST
2012-07-30 04:02:15 -------- d-----w- C:\Users\Sickness5150\AppData\Local\Adobe
2012-07-30 03:47:11 -------- d-----w- C:\ProgramData\Sophos
2012-07-28 08:13:10 -------- d-----w- C:\ProgramData\PLAV
2012-07-28 08:12:50 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS
2012-07-28 04:15:27 815 ----a-w- C:\temp188.bat
2012-07-28 04:15:19 1147 ----a-w- C:\temp52.bat
2012-07-28 04:13:24 290304 ----a-w- C:\subinacl.exe
2012-07-28 03:15:00 -------- d-----w- C:\ProgramData\Atheros
2012-07-28 03:11:25 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\Atheros
2012-07-28 03:11:22 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2012-07-28 00:57:58 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-28 00:10:40 -------- d-----w- C:\ProgramData\PC Tools
2012-07-28 00:10:39 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\TestApp
2012-07-28 00:03:22 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\Malwarebytes
2012-07-28 00:03:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-27 23:37:16 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-07-27 22:54:21 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\Safer Networking
2012-07-27 22:41:48 29752 ----a-w- C:\Windows\System32\drivers\rspSanity64.sys
2012-07-27 22:35:11 -------- d-----w- C:\Users\Sickness5150\Pavark
2012-07-27 22:21:54 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-07-27 20:36:20 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB9069C9-B353-4351-9E1B-A09A7D77F664}\mpengine.dll
2012-07-26 06:04:41 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-26 06:04:41 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-26 04:27:00 61440 ----a-w- C:\Windows\SysWow64\drivers\npaiii.sys
2012-07-26 04:24:16 61440 ----a-w- C:\Windows\SysWow64\drivers\kkkbxtaw.sys
2012-07-26 04:19:12 61440 ----a-w- C:\Windows\SysWow64\drivers\udczvw.sys
2012-07-26 04:18:20 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-26 02:59:13 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\SUPERAntiSpyware.com
2012-07-26 00:05:25 98816 ----a-w- C:\Windows\sed.exe
2012-07-26 00:05:25 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-26 00:05:25 256000 ----a-w- C:\Windows\PEV.exe
2012-07-26 00:05:25 208896 ----a-w- C:\Windows\MBR.exe
2012-07-25 23:58:46 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-25 23:58:46 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-25 05:01:13 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-07-25 05:00:59 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-07-25 04:56:11 207664 ----a-w- C:\Windows\System32\psshutdown.exe
2012-07-25 04:56:11 187184 ----a-w- C:\Windows\System32\pssuspend.exe
2012-07-25 04:56:11 183160 ----a-w- C:\Windows\System32\PsLoggedon.exe
2012-07-25 04:56:11 178040 ----a-w- C:\Windows\System32\psloglist.exe
2012-07-25 04:56:11 169848 ----a-w- C:\Windows\System32\PsService.exe
2012-07-25 04:56:11 105264 ----a-w- C:\Windows\System32\pspasswd.exe
2012-07-25 04:56:10 468592 ----a-w- C:\Windows\System32\pskill.exe
2012-07-25 04:56:10 390520 ----a-w- C:\Windows\System32\PsInfo.exe
2012-07-25 04:56:10 381816 ----a-w- C:\Windows\System32\PsExec.exe
2012-07-25 04:56:10 333176 ----a-w- C:\Windows\System32\PsGetsid.exe
2012-07-25 04:56:10 232232 ----a-w- C:\Windows\System32\pslist.exe
2012-07-25 04:56:10 105264 ----a-w- C:\Windows\System32\psfile.exe
2012-07-25 03:58:33 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
2012-07-25 03:58:33 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2012-07-25 03:58:33 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
2012-07-25 03:58:33 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
2012-07-25 03:58:33 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2012-07-25 03:58:26 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\Simply Super Software
2012-07-24 06:36:00 328704 ----a-w- C:\Windows\System32\services.exe.B163531DD5A9CE67
2012-07-24 06:35:50 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-07-24 06:14:23 -------- d-----w- C:\Program Files (x86)\stinger
2012-07-24 05:52:01 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-24 05:27:25 -------- d-----w- C:\Program Files (x86)\Citrix
2012-07-24 05:12:23 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\QuickScan
2012-07-24 05:07:54 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\GetRightToGo
2012-07-24 04:43:29 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\SpeedyPC Software
2012-07-24 04:43:29 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\DriverCure
2012-07-24 04:43:23 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-24 04:43:21 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-24 04:43:21 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-07-24 04:34:48 -------- d-----w- C:\Users\Sickness5150\AppData\Local\Deployment
2012-07-24 04:34:48 -------- d-----w- C:\Users\Sickness5150\AppData\Local\Apps
2012-07-24 04:23:09 328704 ----a-w- C:\Windows\System32\services.exe.3A2312A40FD809D1
2012-07-24 04:16:29 328704 ----a-w- C:\Windows\System32\services.exe.88D6BEFE027D546D
2012-07-24 04:12:52 328704 ----a-w- C:\Windows\System32\services.exe.90D5EDF0015B9C2F
2012-07-24 04:04:39 328704 ----a-w- C:\Windows\System32\services.exe.041952EDB02A1C04
2012-07-24 02:43:31 -------- d-----w- C:\Users\Sickness5150\AppData\Local\NPE
2012-07-24 02:43:30 -------- d-----w- C:\ProgramData\Norton
2012-07-24 02:24:49 38848 ----a-w- C:\Windows\avastSS.scr
2012-07-24 02:24:48 -------- d-----w- C:\ProgramData\Alwil Software
2012-07-24 02:11:01 27760 ----a-w- C:\Windows\SysWow64\epfwdata.bin
2012-07-24 02:10:09 -------- d-----w- C:\Users\Sickness5150\AppData\Roaming\ESET
2012-07-24 02:10:09 -------- d-----w- C:\Users\Sickness5150\AppData\Local\ESET
2012-07-24 01:48:43 -------- d-----w- C:\Program Files\ESET
2012-07-24 00:48:00 -------- d-----w- C:\ProgramData\Webroot
2012-07-23 23:48:41 -------- d-----w- C:\Program Files (x86)\MSSOAP
2012-07-23 23:48:41 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-07-23 23:32:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-23 23:32:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-20 23:37:04 -------- d-----w- C:\ProgramData\Simply Super Software
2012-07-20 23:37:04 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-07-19 03:49:54 328704 ----a-w- C:\Windows\System32\services.exe.46DA573FA569C3D0
2012-07-19 03:39:13 328704 ----a-w- C:\Windows\System32\services.exe.517AF7A202A9B1D2
2012-07-19 03:35:59 328704 ----a-w- C:\Windows\System32\services.exe.FEE330994FFFB9D3
2012-07-19 03:18:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-18 03:52:41 -------- d-----w- C:\Program Files\VstPlugins
2012-07-17 01:02:33 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-17 00:58:33 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-07-12 04:07:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 03:41:20 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-12 03:41:20 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-12 03:41:20 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-12 03:41:20 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-12 03:41:20 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-12 03:41:20 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-12 03:40:22 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-12 03:40:22 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-12 03:40:22 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-12 03:40:22 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-12 03:40:22 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-12 03:40:22 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-12 03:40:22 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-12 03:40:22 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-12 03:40:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-02 22:26:23 -------- dc----w- C:\ProgramData\{D2C12600-1639-405E-BBA9-ED45C0EA0333}
2012-07-02 22:26:19 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2012-07-02 22:25:40 -------- dc----w- C:\ProgramData\{78F6A1FC-ADDE-4028-A231-7B924CE455BD}
2012-07-02 22:20:58 -------- dc----w- C:\ProgramData\{AE4E9D9F-140B-4444-9F54-7EF88D1966D3}
2012-07-02 22:17:48 -------- dc----w- C:\ProgramData\{65BD0376-C4B3-4402-8FF3-939E99FDADE9}
2012-07-02 22:15:38 -------- dc----w- C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}
2012-07-02 22:12:32 -------- dc----w- C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2012-07-02 22:09:46 -------- dc----w- C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2012-07-02 22:09:35 -------- dc----w- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2012-07-02 20:55:25 -------- dc----w- C:\ProgramData\{C7E9FBB1-9CB7-4917-9D0E-7C333B122B2B}
2012-07-02 20:55:21 -------- dc----w- C:\ProgramData\{88FFB8E6-9C82-4D0A-8351-F2D3EAB81D35}
2012-07-02 20:55:14 -------- dc----w- C:\ProgramData\{3F0C2AC3-0702-4760-AFC1-157546C32EC1}
2012-07-02 20:54:56 -------- dc----w- C:\ProgramData\{BB5EBCFA-1B53-4EBA-A708-1AC15B03E2AB}
2012-07-02 20:54:44 -------- dc----w- C:\ProgramData\{3FD630E4-094C-41D8-8276-77FA452C358F}
2012-07-02 20:52:38 -------- dc----w- C:\ProgramData\{86A4FE2A-247F-42EF-9C3E-C2551D2529B5}
2012-07-02 20:45:43 -------- dc----w- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2012-07-02 20:45:40 -------- d-----w- C:\ProgramData\Native Instruments
.
==================== Find3M ====================
.
2012-07-12 03:47:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:47:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-14 02:51:46 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-14 02:51:46 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-27 04:27:23 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-05-27 04:27:23 1025 ----a-w- C:\Windows\SysWow64\clauth2.dll
2012-05-27 04:27:23 1025 ----a-w- C:\Windows\SysWow64\clauth1.dll
2012-05-25 00:29:12 2892 ----a-w- C:\Windows\SysWow64\audcon.sys
2012-05-21 22:05:56 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-05-20 23:47:58 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-05-20 18:29:33 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-17 06:27:28 0 ----a-w- C:\Windows\ativpsrm.bin
2012-05-17 06:01:14 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 17:52:42.20 ===============

Edited by r8der, 30 July 2012 - 10:07 PM.




#2 jntkwx

  • Malware Response Team

Posted 04 August 2012 - 03:08 PM

r8der,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

It looks like you may have run Combofix. If it exists, please copy and paste the Combofix log at C:\Combofix.txt into your reply.


FRST
Please download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

- OR -

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

In your next reply, please include:
  • Combofix log, located at C:\Combofix.txt, if it exists
  • FRST log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 r8der

r8der
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 04 August 2012 - 06:54 PM

Hello Jason, Here's the combofix log.
I'm about to run system recovery

ComboFix 12-08-05.02 - Sickness5150 08/04/2012 16:45:06.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8155.6016 [GMT -7:00]
Running from: c:\users\Sickness5150\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\SICKNE~1\AppData\Local\Temp\{E8EDC83B-15E0-46F2-BAC8-E80F5B6B25B6}\fpb.tmp
c:\users\Sickness5150\AppData\Local\Temp\{E8EDC83B-15E0-46F2-BAC8-E80F5B6B25B6}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 23:51 . 2012-08-04 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 23:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC1DDDA7-2EEA-4B8E-AA78-E4501F847D3A}\mpengine.dll
2012-07-31 00:28 . 2012-07-31 00:28 -------- d-----w- C:\BrownSW
2012-07-30 23:25 . 2012-07-30 23:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-30 23:22 . 2012-07-30 23:22 -------- d-----w- c:\program files (x86)\ESET
2012-07-30 23:22 . 2012-07-30 23:22 -------- d--h--w- c:\windows\AxInstSV
2012-07-30 21:54 . 2012-07-30 21:54 -------- d-----w- c:\program files\CCleaner
2012-07-30 21:24 . 2012-07-30 21:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-30 21:24 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 04:34 . 2012-07-30 04:34 -------- d-----w- C:\FRST
2012-07-30 04:02 . 2012-07-30 04:02 -------- d-----w- c:\users\Sickness5150\AppData\Local\Adobe
2012-07-30 03:47 . 2012-07-30 03:47 -------- d-----w- c:\programdata\Sophos
2012-07-28 08:13 . 2012-07-29 23:34 -------- d-----w- c:\programdata\PLAV
2012-07-28 08:12 . 2012-07-28 08:12 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-07-28 04:15 . 2012-07-28 04:15 815 ----a-w- C:\temp188.bat
2012-07-28 04:15 . 2012-07-28 04:15 1147 ----a-w- C:\temp52.bat
2012-07-28 04:13 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-07-28 03:15 . 2012-07-30 02:51 -------- d-----w- c:\programdata\Atheros
2012-07-28 03:11 . 2012-07-28 03:11 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Atheros
2012-07-28 03:11 . 2012-07-28 03:11 -------- d-----w- c:\program files (x86)\Common Files\Atheros
2012-07-28 00:57 . 2012-07-28 00:57 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-28 00:10 . 2012-07-28 00:10 -------- d-----w- c:\programdata\PC Tools
2012-07-28 00:10 . 2012-07-28 00:10 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\TestApp
2012-07-28 00:03 . 2012-07-28 00:03 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Malwarebytes
2012-07-28 00:03 . 2012-07-28 00:03 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 23:37 . 2012-07-27 23:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-27 22:54 . 2012-07-27 22:54 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Safer Networking
2012-07-27 22:41 . 2011-05-04 18:36 29752 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2012-07-27 22:35 . 2012-07-30 03:44 -------- d-----w- c:\users\Sickness5150\Pavark
2012-07-27 22:21 . 2012-07-27 22:21 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-26 06:04 . 2012-07-26 06:04 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-26 06:04 . 2012-07-26 06:04 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-26 06:04 . 2012-07-26 06:04 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-26 06:04 . 2012-07-26 06:04 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-26 06:04 . 2012-07-26 06:04 188912 ----a-w- c:\windows\system32\java.exe
2012-07-26 06:03 . 2012-07-26 06:03 -------- d-----w- c:\program files\Java
2012-07-26 04:27 . 2012-07-26 04:27 61440 ----a-w- c:\windows\SysWow64\drivers\npaiii.sys
2012-07-26 04:24 . 2012-07-26 04:24 61440 ----a-w- c:\windows\SysWow64\drivers\kkkbxtaw.sys
2012-07-26 04:19 . 2012-07-26 04:19 61440 ----a-w- c:\windows\SysWow64\drivers\udczvw.sys
2012-07-26 02:59 . 2012-07-26 02:59 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\SUPERAntiSpyware.com
2012-07-25 23:58 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-25 23:58 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-25 05:01 . 2012-07-25 05:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-25 04:56 . 2010-04-27 18:04 178040 ----a-w- c:\windows\system32\psloglist.exe
2012-07-25 04:56 . 2010-04-27 18:04 183160 ----a-w- c:\windows\system32\PsLoggedon.exe
2012-07-25 04:56 . 2010-04-27 18:04 169848 ----a-w- c:\windows\system32\PsService.exe
2012-07-25 04:56 . 2006-12-05 00:53 207664 ----a-w- c:\windows\system32\psshutdown.exe
2012-07-25 04:56 . 2006-12-05 00:53 187184 ----a-w- c:\windows\system32\pssuspend.exe
2012-07-25 04:56 . 2006-12-05 00:53 105264 ----a-w- c:\windows\system32\pspasswd.exe
2012-07-25 04:56 . 2012-06-22 06:34 468592 ----a-w- c:\windows\system32\pskill.exe
2012-07-25 04:56 . 2012-03-22 22:53 232232 ----a-w- c:\windows\system32\pslist.exe
2012-07-25 04:56 . 2010-04-27 18:04 381816 ----a-w- c:\windows\system32\PsExec.exe
2012-07-25 04:56 . 2010-04-27 18:04 333176 ----a-w- c:\windows\system32\PsGetsid.exe
2012-07-25 04:56 . 2010-04-27 18:04 390520 ----a-w- c:\windows\system32\PsInfo.exe
2012-07-25 04:56 . 2006-12-05 00:53 105264 ----a-w- c:\windows\system32\psfile.exe
2012-07-25 03:58 . 2006-06-19 20:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-07-25 03:58 . 2006-05-25 22:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-07-25 03:58 . 2005-08-26 08:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-07-25 03:58 . 2003-02-03 03:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-07-25 03:58 . 2002-03-06 08:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-07-25 03:58 . 2012-07-25 06:28 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Simply Super Software
2012-07-24 06:36 . 2012-07-24 06:36 328704 ----a-w- c:\windows\system32\services.exe.B163531DD5A9CE67
2012-07-24 06:35 . 2012-07-24 06:35 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-07-24 06:14 . 2012-07-26 02:00 -------- d-----w- c:\program files (x86)\stinger
2012-07-24 05:52 . 2012-07-24 05:55 -------- d-----w- c:\programdata\HitmanPro
2012-07-24 05:27 . 2012-07-24 05:27 -------- d-----w- c:\program files (x86)\Citrix
2012-07-24 05:12 . 2012-07-24 05:12 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\QuickScan
2012-07-24 05:07 . 2012-07-28 03:23 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\GetRightToGo
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\SpeedyPC Software
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\DriverCure
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-24 04:34 . 2012-07-25 03:36 -------- d-----w- c:\users\Sickness5150\AppData\Local\Deployment
2012-07-24 04:34 . 2012-07-24 04:34 -------- d-----w- c:\users\Sickness5150\AppData\Local\Apps
2012-07-24 04:23 . 2012-07-24 04:23 328704 ----a-w- c:\windows\system32\services.exe.3A2312A40FD809D1
2012-07-24 04:16 . 2012-07-24 04:16 328704 ----a-w- c:\windows\system32\services.exe.88D6BEFE027D546D
2012-07-24 04:12 . 2012-07-24 04:12 328704 ----a-w- c:\windows\system32\services.exe.90D5EDF0015B9C2F
2012-07-24 04:04 . 2012-07-24 04:04 328704 ----a-w- c:\windows\system32\services.exe.041952EDB02A1C04
2012-07-24 02:43 . 2012-07-25 03:14 -------- d-----w- c:\users\Sickness5150\AppData\Local\NPE
2012-07-24 02:43 . 2012-07-24 02:43 -------- d-----w- c:\programdata\Norton
2012-07-24 02:24 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2012-07-24 02:24 . 2010-06-28 20:57 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-24 02:24 . 2012-07-25 03:23 -------- d-----w- c:\program files\Alwil Software
2012-07-24 02:24 . 2012-07-25 03:23 -------- d-----w- c:\programdata\Alwil Software
2012-07-24 02:11 . 2012-07-24 02:14 27760 ----a-w- c:\windows\SysWow64\epfwdata.bin
2012-07-24 02:10 . 2012-07-24 02:10 -------- d-----w- c:\users\Sickness5150\AppData\Local\ESET
2012-07-24 01:48 . 2012-07-24 01:48 -------- d-----w- c:\program files\ESET
2012-07-24 00:48 . 2012-07-24 00:48 -------- d-----w- c:\programdata\Webroot
2012-07-23 23:48 . 2012-07-23 23:48 -------- d-----w- c:\program files (x86)\MSSOAP
2012-07-23 23:48 . 2012-07-23 23:48 17264 ----a-w- c:\windows\system32\SsiEfr.exe
2012-07-23 23:32 . 2012-07-24 00:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-23 23:32 . 2012-07-24 00:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-20 23:37 . 2012-07-25 03:58 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-07-20 23:37 . 2012-07-20 23:37 -------- d-----w- c:\programdata\Simply Super Software
2012-07-19 03:49 . 2012-07-19 03:49 328704 ----a-w- c:\windows\system32\services.exe.46DA573FA569C3D0
2012-07-19 03:39 . 2012-07-19 03:39 328704 ----a-w- c:\windows\system32\services.exe.517AF7A202A9B1D2
2012-07-19 03:35 . 2012-07-19 03:35 328704 ----a-w- c:\windows\system32\services.exe.FEE330994FFFB9D3
2012-07-19 03:18 . 2012-07-19 03:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-18 03:52 . 2012-07-18 03:52 -------- d-----w- c:\program files\VstPlugins
2012-07-17 01:02 . 2012-07-17 01:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 00:58 . 2006-04-07 02:41 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-07-12 04:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:41 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 03:41 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 03:41 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-12 03:41 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-12 03:41 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-12 03:41 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-12 03:40 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-12 03:40 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 03:40 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 03:40 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 03:40 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 03:40 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 03:40 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-12 03:40 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-12 03:40 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-12 03:40 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 03:47 . 2012-05-17 04:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:47 . 2012-05-17 04:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 10:19 . 2012-05-23 23:01 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-14 02:51 . 2012-06-14 02:51 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-14 02:51 . 2012-06-14 02:51 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-18 21:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 21:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 21:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 21:55 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 21:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-18 21:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 21:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 21:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-18 21:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 00:29 . 2012-05-25 00:29 2892 ----a-w- c:\windows\SysWow64\audcon.sys
2012-05-21 22:05 . 2012-05-21 22:05 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-05-20 23:47 . 2012-05-20 23:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-05-20 18:29 . 2012-05-20 18:29 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-20 16:52 . 2010-06-24 16:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-17 06:21 . 2012-05-17 06:21 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-05-17 06:21 . 2012-05-17 06:21 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-05-17 06:21 . 2012-05-17 06:21 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-05-17 06:21 . 2012-05-17 06:21 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-05-17 06:21 . 2012-05-17 06:21 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-05-17 06:21 . 2012-05-17 06:21 491520 ----a-w- c:\windows\system32\mssph.dll
2012-05-17 06:21 . 2012-05-17 06:21 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-05-17 06:21 . 2012-05-17 06:21 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-05-17 06:21 . 2012-05-17 06:21 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-17 06:21 . 2012-05-17 06:21 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-17 06:21 . 2012-05-17 06:21 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-05-17 06:21 . 2012-05-17 06:21 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-05-17 06:21 . 2012-05-17 06:21 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-05-17 06:21 . 2012-05-17 06:21 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-05-17 06:21 . 2012-05-17 06:21 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-05-17 06:21 . 2012-05-17 06:21 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-05-17 06:21 . 2012-05-17 06:21 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-05-17 06:21 . 2012-05-17 06:21 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-05-17 06:21 . 2012-05-17 06:21 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-17 06:21 . 2012-05-17 06:21 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-05-17 06:21 . 2012-05-17 06:21 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-17 06:21 . 2012-05-17 06:21 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-05-17 06:21 . 2012-05-17 06:21 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-17 06:21 . 2012-05-17 06:21 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-17 06:21 . 2012-05-17 06:21 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-17 06:21 . 2012-05-17 06:21 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-17 06:21 . 2012-05-17 06:21 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-17 06:21 . 2012-05-17 06:21 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-05-17 06:21 . 2012-05-17 06:21 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-17 06:21 . 2012-05-17 06:21 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-05-17 06:21 . 2012-05-17 06:21 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-05-17 06:21 . 2012-05-17 06:21 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-17 06:21 . 2012-05-17 06:21 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-17 06:21 . 2012-05-17 06:21 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-17 06:21 . 2012-05-17 06:21 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-17 06:21 . 2012-05-17 06:21 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-17 06:21 . 2012-05-17 06:21 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-05-17 06:21 . 2012-05-17 06:21 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-17 06:21 . 2012-05-17 06:21 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-05-17 06:21 . 2012-05-17 06:21 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-17 06:21 . 2012-05-17 06:21 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-17 06:21 . 2012-05-17 06:21 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-05-17 06:21 . 2012-05-17 06:21 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-05-17 06:21 . 2012-05-17 06:21 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-05-17 06:21 . 2012-05-17 06:21 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-17 06:21 . 2012-05-17 06:21 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-05-17 06:21 . 2012-05-17 06:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-05-17 06:21 . 2012-05-17 06:21 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-05-17 06:21 . 2012-05-17 06:21 2871808 ----a-w- c:\windows\explorer.exe
2012-05-17 06:21 . 2012-05-17 06:21 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-05-17 06:21 . 2012-05-17 06:21 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-05-17 06:21 . 2012-05-17 06:21 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-17 06:21 . 2012-05-17 06:21 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-17 06:21 . 2012-05-17 06:21 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-05-17 06:21 . 2012-05-17 06:21 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-17 06:21 . 2012-05-17 06:21 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-05-17 06:21 . 2012-05-17 06:21 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-05-17 06:21 . 2012-05-17 06:21 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-17 06:21 . 2012-05-17 06:21 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-05-17 06:21 . 2012-05-17 06:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-05-17 06:21 . 2012-05-17 06:21 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-05-17 06:21 . 2012-05-17 06:21 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-05-17 06:21 . 2012-05-17 06:21 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-17 06:21 . 2012-05-17 06:21 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-05-17 06:21 . 2012-05-17 06:21 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-17 06:21 . 2012-05-17 06:21 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-05-17 06:21 . 2012-05-17 06:21 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_00.11.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 11:20 . 2007-02-17 14:21 63488 c:\windows\xcacls.exe
- 2012-07-17 18:53 . 2012-07-24 00:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-17 18:53 . 2012-07-29 23:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-28 01:20 . 2012-08-04 23:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-01 00:00 55696 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 23:38 40254 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-20 16:59 . 2012-08-04 23:38 10712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-727242494-1739597175-2475294030-1001_UserData.bin
+ 2012-07-24 01:15 . 2012-07-30 01:26 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2012-07-24 01:15 . 2012-07-24 00:14 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-07-14 05:30 . 2012-07-25 03:28 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-29 23:34 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-12-30 01:03 . 2011-12-30 01:03 26784 c:\windows\system32\DriverStore\FileRepository\leath_hid.inf_amd64_neutral_f414d694c665a156\leath_hid.sys
- 2011-12-29 23:03 . 2011-12-29 23:03 26784 c:\windows\system32\DriverStore\FileRepository\leath_hid.inf_amd64_neutral_f414d694c665a156\leath_hid.sys
+ 2011-12-30 01:03 . 2011-12-30 01:03 75424 c:\windows\system32\DriverStore\FileRepository\bthathfax.inf_amd64_neutral_224255f3172e492e\bthathfax.sys
- 2011-12-29 23:03 . 2011-12-29 23:03 75424 c:\windows\system32\DriverStore\FileRepository\bthathfax.inf_amd64_neutral_224255f3172e492e\bthathfax.sys
- 2011-12-29 23:02 . 2011-12-29 23:02 68256 c:\windows\system32\DriverStore\FileRepository\btath_lwflt.inf_amd64_neutral_9540c1199820c9fb\btath_lwflt.sys
+ 2011-12-30 01:02 . 2011-12-30 01:02 68256 c:\windows\system32\DriverStore\FileRepository\btath_lwflt.inf_amd64_neutral_9540c1199820c9fb\btath_lwflt.sys
- 2011-12-29 23:01 . 2011-12-29 23:01 36000 c:\windows\system32\DriverStore\FileRepository\btath_flt.inf_amd64_neutral_b737ac480dc9833d\btath_flt.sys
+ 2011-12-30 01:01 . 2011-12-30 01:01 36000 c:\windows\system32\DriverStore\FileRepository\btath_flt.inf_amd64_neutral_b737ac480dc9833d\btath_flt.sys
- 2011-12-29 23:01 . 2011-12-29 23:01 30368 c:\windows\system32\DriverStore\FileRepository\btath_bus.inf_amd64_neutral_da5ba56f73dd15f4\btath_bus.sys
+ 2011-12-30 01:01 . 2011-12-30 01:01 30368 c:\windows\system32\DriverStore\FileRepository\btath_bus.inf_amd64_neutral_da5ba56f73dd15f4\btath_bus.sys
+ 2011-12-30 01:00 . 2011-12-30 01:00 51872 c:\windows\system32\DriverStore\FileRepository\athdfu.inf_amd64_neutral_4b4e8f4a2bf5dd62\AthDfu.sys
- 2011-12-29 23:00 . 2011-12-29 23:00 51872 c:\windows\system32\DriverStore\FileRepository\athdfu.inf_amd64_neutral_4b4e8f4a2bf5dd62\AthDfu.sys
- 2011-12-29 23:02 . 2011-12-29 23:02 68256 c:\windows\system32\drivers\btath_lwflt.sys
+ 2011-12-30 01:02 . 2011-12-30 01:02 68256 c:\windows\system32\drivers\btath_lwflt.sys
- 2011-12-29 23:01 . 2011-12-29 23:01 36000 c:\windows\system32\drivers\btath_flt.sys
+ 2011-12-30 01:01 . 2011-12-30 01:01 36000 c:\windows\system32\drivers\btath_flt.sys
+ 2011-12-30 01:01 . 2011-12-30 01:01 30368 c:\windows\system32\drivers\btath_bus.sys
- 2011-12-29 23:01 . 2011-12-29 23:01 30368 c:\windows\system32\drivers\btath_bus.sys
- 2012-05-20 16:53 . 2012-07-25 05:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-20 16:53 . 2012-08-04 23:39 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-20 16:53 . 2012-07-25 05:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-28 02:15 . 2012-08-04 23:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-04 23:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-25 05:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-17 04:46 . 2011-12-27 01:09 63648 c:\windows\system32\athihvui.dll
+ 2012-05-17 04:46 . 2011-12-27 03:09 63648 c:\windows\system32\athihvui.dll
+ 2009-07-14 04:46 . 2012-07-28 02:14 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-05-17 04:55 . 2012-07-19 03:58 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-17 04:55 . 2012-07-30 01:51 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2012-05-17 04:47 . 2012-05-17 04:47 49152 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\UNINST_Uninstall_B_7C0706C16B0446EC9C4A38067C8CF2DF.exe
+ 2012-05-17 04:47 . 2012-07-28 03:11 49152 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\UNINST_Uninstall_B_7C0706C16B0446EC9C4A38067C8CF2DF.exe
- 2012-05-17 04:47 . 2012-05-17 04:47 73728 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\NewShortcut2_62D3A0C907F44E66BDE223F767544503.exe
+ 2012-07-28 03:11 . 2012-07-28 03:11 73728 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\NewShortcut2_62D3A0C907F44E66BDE223F767544503.exe
- 2012-05-17 04:47 . 2012-05-17 04:47 73728 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\ARPPRODUCTICON.exe
+ 2012-07-28 03:11 . 2012-07-28 03:11 73728 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\ARPPRODUCTICON.exe
- 2012-07-25 23:48 . 2012-07-25 23:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 23:36 . 2012-08-04 23:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-25 23:48 . 2012-07-25 23:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-04 23:36 . 2012-08-04 23:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-28 03:19 . 2012-07-28 03:19 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2009-07-14 04:54 . 2012-08-04 23:38 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-25 23:50 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-28 03:19 . 2012-07-28 03:19 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-07-28 03:19 . 2012-07-28 03:19 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-07-14 02:36 . 2012-08-04 23:41 660068 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 23:52 660068 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 23:52 120996 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-04 23:41 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-07-25 03:28 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-29 23:34 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-29 23:34 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-07-25 03:28 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-12-30 01:02 . 2011-12-30 01:02 280992 c:\windows\system32\DriverStore\FileRepository\btath_rcp.inf_amd64_neutral_863e79fdeb3b79fb\btath_rcp.sys
- 2011-12-29 23:02 . 2011-12-29 23:02 280992 c:\windows\system32\DriverStore\FileRepository\btath_rcp.inf_amd64_neutral_863e79fdeb3b79fb\btath_rcp.sys
+ 2011-12-30 01:01 . 2011-12-30 01:01 167584 c:\windows\system32\DriverStore\FileRepository\btath_hcrp.inf_amd64_neutral_5a733c5e2f8be56c\btath_hcrp.sys
- 2011-12-29 23:01 . 2011-12-29 23:01 167584 c:\windows\system32\DriverStore\FileRepository\btath_hcrp.inf_amd64_neutral_5a733c5e2f8be56c\btath_hcrp.sys
- 2011-12-29 23:00 . 2011-12-29 23:00 110752 c:\windows\system32\DriverStore\FileRepository\btath_a2dp.inf_amd64_neutral_18708509e5d29428\btath_avdt.sys
+ 2011-12-30 01:00 . 2011-12-30 01:00 110752 c:\windows\system32\DriverStore\FileRepository\btath_a2dp.inf_amd64_neutral_18708509e5d29428\btath_avdt.sys
- 2011-12-29 23:00 . 2011-12-29 23:00 338592 c:\windows\system32\DriverStore\FileRepository\btath_a2dp.inf_amd64_neutral_18708509e5d29428\btath_a2dp.sys
+ 2011-12-30 01:00 . 2011-12-30 01:00 338592 c:\windows\system32\DriverStore\FileRepository\btath_a2dp.inf_amd64_neutral_18708509e5d29428\btath_a2dp.sys
- 2011-12-29 23:02 . 2011-12-29 23:02 548000 c:\windows\system32\DriverStore\FileRepository\atheros_bth.inf_amd64_neutral_5410f2f609e1cd74\btfilter.sys
+ 2011-12-30 01:02 . 2011-12-30 01:02 548000 c:\windows\system32\DriverStore\FileRepository\atheros_bth.inf_amd64_neutral_5410f2f609e1cd74\btfilter.sys
+ 2010-05-28 14:55 . 2010-05-28 14:55 354320 c:\windows\system32\drivers\klif.sys
+ 2010-08-09 17:57 . 2010-08-09 17:57 460888 c:\windows\system32\drivers\kl1.sys
+ 2011-12-30 01:02 . 2011-12-30 01:02 548000 c:\windows\system32\drivers\btfilter.sys
- 2011-12-29 23:02 . 2011-12-29 23:02 548000 c:\windows\system32\drivers\btfilter.sys
+ 2011-12-30 01:02 . 2011-12-30 01:02 280992 c:\windows\system32\drivers\btath_rcp.sys
- 2011-12-29 23:02 . 2011-12-29 23:02 280992 c:\windows\system32\drivers\btath_rcp.sys
- 2011-12-29 23:01 . 2011-12-29 23:01 167584 c:\windows\system32\drivers\btath_hcrp.sys
+ 2011-12-30 01:01 . 2011-12-30 01:01 167584 c:\windows\system32\drivers\btath_hcrp.sys
+ 2011-12-30 01:00 . 2011-12-30 01:00 110752 c:\windows\system32\drivers\btath_avdt.sys
- 2011-12-29 23:00 . 2011-12-29 23:00 110752 c:\windows\system32\drivers\btath_avdt.sys
+ 2011-12-30 01:00 . 2011-12-30 01:00 338592 c:\windows\system32\drivers\btath_a2dp.sys
- 2011-12-29 23:00 . 2011-12-29 23:00 338592 c:\windows\system32\drivers\btath_a2dp.sys
- 2011-12-29 21:50 . 2012-05-17 04:47 246804 c:\windows\system32\drivers\AtherosBt.bin
+ 2011-12-29 23:50 . 2012-07-28 03:11 246804 c:\windows\system32\drivers\AtherosBt.bin
+ 2009-07-14 05:12 . 2012-07-30 23:22 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-07-24 01:14 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-05-17 04:46 . 2011-12-27 03:09 442528 c:\windows\system32\athihvs.dll
- 2012-05-17 04:46 . 2011-12-27 01:09 442528 c:\windows\system32\athihvs.dll
+ 2011-12-30 00:54 . 2011-12-30 00:54 347808 c:\windows\system32\AthCredentialProvider.dll
- 2011-12-29 22:54 . 2011-12-29 22:54 347808 c:\windows\system32\AthCredentialProvider.dll
+ 2012-07-27 22:25 . 2012-07-27 22:28 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2012-07-27 22:22 . 2012-07-27 22:28 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2012-05-17 05:00 . 2012-08-01 03:07 617528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-07-25 07:02 228692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-01 03:07 228692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-30 03:05 . 2012-07-30 03:05 401924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-727242494-1739597175-2475294030-1003-8192.dat
+ 2012-07-30 03:05 . 2012-07-30 03:05 229460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-727242494-1739597175-2475294030-1003-4096.dat
+ 2012-05-20 16:57 . 2012-07-30 04:28 932156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-727242494-1739597175-2475294030-1001-8192.dat
+ 2012-07-27 22:21 . 2012-07-27 22:21 311296 c:\windows\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin
+ 2012-07-26 06:03 . 2012-07-26 06:03 891392 c:\windows\Installer\19bf1d.msi
- 2012-07-19 03:32 . 2012-07-24 04:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-07-19 03:32 . 2012-07-28 07:53 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-07-19 03:32 . 2012-07-24 04:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-07-19 03:32 . 2012-07-28 07:53 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-07-19 03:32 . 2012-07-28 07:53 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-07-19 03:32 . 2012-07-24 04:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-07-19 03:32 . 2012-07-24 04:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-07-19 03:32 . 2012-07-28 07:53 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-07-28 03:11 . 2012-07-28 03:11 217088 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\NewShortcut4_E6DAE290FB784409ADA5CE68A93A2309.exe
- 2012-05-17 04:47 . 2012-05-17 04:47 217088 c:\windows\Installer\{230D1595-57DA-4933-8C4E-375797EBB7E1}\NewShortcut4_E6DAE290FB784409ADA5CE68A93A2309.exe
- 2009-07-14 04:54 . 2012-07-25 23:50 4603904 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-04 23:38 4603904 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-17 04:46 . 2011-12-13 16:32 2797056 c:\windows\system32\DriverStore\FileRepository\netathrx.inf_amd64_neutral_e8d248ee43f17fdf\athrx.sys
+ 2012-05-17 04:46 . 2011-12-13 18:32 2797056 c:\windows\system32\DriverStore\FileRepository\netathrx.inf_amd64_neutral_e8d248ee43f17fdf\athrx.sys
- 2011-12-29 22:15 . 2011-12-29 22:15 1721576 c:\windows\system32\DriverStore\FileRepository\btath_hcrp.inf_amd64_neutral_5a733c5e2f8be56c\wdfcoinstaller01009.dll
+ 2011-12-30 00:15 . 2011-12-30 00:15 1721576 c:\windows\system32\DriverStore\FileRepository\btath_hcrp.inf_amd64_neutral_5a733c5e2f8be56c\wdfcoinstaller01009.dll
+ 2012-05-17 04:46 . 2011-12-13 18:32 2797056 c:\windows\system32\athrx.sys
- 2012-05-17 04:46 . 2011-12-13 16:32 2797056 c:\windows\system32\athrx.sys
- 2009-07-14 04:45 . 2012-07-25 05:33 7187735 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-07-26 00:19 7187735 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-05-20 22:48 . 2012-08-01 03:07 6908070 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-727242494-1739597175-2475294030-1001-4096.dat
+ 2012-05-20 16:57 . 2012-07-31 23:34 6356160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-727242494-1739597175-2475294030-1001-12288.dat
+ 2012-07-27 22:21 . 2012-07-27 23:15 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-07272012-142154-00000003-ffffffff.bin
+ 2012-07-27 22:22 . 2012-07-16 10:40 9133488 c:\windows\Microsoft Antimalware\Definition Updates\{E6690E90-C283-415B-BF20-35EA0B549F6D}\mpengine.dll
+ 2009-07-14 02:34 . 2012-07-12 06:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-07-25 23:59 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-28 03:11 . 2012-07-28 03:11 94136840 c:\windows\Installer\1e46e8.msi
+ 2012-07-30 01:51 . 2012-07-30 01:51 23771136 c:\windows\Installer\12d2f1.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2012-03-19 1020416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-25 1233856]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 efpnfd;efpnfd;c:\windows\system32\drivers\kkkbxtaw.sys [x]
R0 lfwsbi;lfwsbi;c:\windows\system32\drivers\udczvw.sys [x]
R0 nbbod;nbbod;c:\windows\system32\drivers\npaiii.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [2011-05-04 29752]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 37488]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-20 283200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-12-30 106144]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-10 974944]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-01-21 128280]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-30 158880]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2011-12-27 76960]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-30 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-18 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-30 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-30 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-30 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-30 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-30 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-30 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-30 548000]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-11 60184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 03:47]
.
2012-07-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-08-01 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-04 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-24 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-08-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-10 4030008]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-30 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-30 800416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
JSEFile=c:\windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\00\14\12\03\10?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-04 16:53:34
ComboFix-quarantined-files.txt 2012-08-04 23:53
ComboFix2.txt 2012-07-26 00:15
.
Pre-Run: 809,783,017,472 bytes free
Post-Run: 809,430,872,064 bytes free
.
- - End Of File - - 0442A0A5D73242DEE7AC3C6F2A45A252

#4 r8der

Posted 04 August 2012 - 07:05 PM

OK, I ran the system recovery. I'll post the log at the bottom.
Computer runs fine, it's just I have no internet. My wifi connection says I'm connected but when I open up Internet Explorer 32 bit I get the message "Internet Explorer cannot display the webpage" & also I cannot update my antivirus program. Malwarebytes & Trojan Remover all won't update, saying there's no internet connection. Pretty much any program I have that needs to access the internet cannot connect.
But what's weird is when I open Internet Explorer 64 bit version I can surf the web.


Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 04-08-2012 16:59:17
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4030008 2011-08-09] (ESET)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [800416 2011-12-29] (Atheros Commnucations)
HKLM-x32\...\Run: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1233856 2012-07-24] (Simply Super Software)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Sickness5150\...\Run: [Remote Mouse] "C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe" [1020416 2012-03-19] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-06-19] (Dell Products, LP.)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-08-09] (ESET)
2 Intel® Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [627936 2012-01-10] (Intel® Corporation)
2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [363800 2012-01-21] (Intel Corporation)
2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)
2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros)

========================== Drivers (Whitelisted) =============

3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-12-29] (Atheros)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [338592 2011-12-29] (Atheros)
3 btath_avdt; C:\Windows\System32\Drivers\btath_avdt.sys [110752 2011-12-29] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [30368 2011-12-29] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [167584 2011-12-29] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [68256 2011-12-29] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [280992 2011-12-29] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [548000 2011-12-29] (Atheros)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-26] (Intel Corporation)
3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356120 2012-01-26] (Intel Corporation)
3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [787736 2012-01-26] (Intel Corporation)
1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [29752 2011-05-04] (Resplendence Software Projects Sp.)
0 ssfs0bbc; C:\Windows\System32\Drivers\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
0 efpnfd; C:\Windows\System32\drivers\kkkbxtaw.sys [x]
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [x]
0 lfwsbi; C:\Windows\System32\drivers\udczvw.sys [x]
0 nbbod; C:\Windows\System32\drivers\npaiii.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-04 15:53 - 2012-08-04 15:53 - 00052970 ____A C:\ComboFix.txt
2012-08-04 15:42 - 2012-08-04 15:43 - 04725168 ____R (Swearware) C:\Users\Sickness5150\Downloads\ComboFix.exe
2012-08-04 15:40 - 2012-08-04 15:40 - 01439619 ____A (Farbar) C:\Users\Sickness5150\Downloads\FRST64.exe
2012-07-30 16:36 - 2012-07-30 16:36 - 00000000 ____D C:\Windows\pss
2012-07-30 16:29 - 2012-08-04 15:56 - 00000928 ____A C:\Windows\PFRO.log
2012-07-30 16:28 - 2012-07-30 16:28 - 00000161 ____A C:\Windows\clnqhosts.txt
2012-07-30 16:28 - 2012-07-30 16:28 - 00000000 ____D C:\BrownSW
2012-07-30 16:28 - 2003-10-03 10:55 - 00000734 ____A C:\Windows\System32\Drivers\etc\hosts.{00}.SAV
2012-07-30 15:25 - 2012-07-30 15:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-30 15:22 - 2012-07-30 15:22 - 00000000 ___HD C:\Windows\AxInstSV
2012-07-30 15:22 - 2012-07-30 15:22 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-30 15:20 - 2012-07-30 15:20 - 00000168 ____A C:\Users\Sickness5150\defogger_reenable
2012-07-30 14:05 - 2012-08-04 15:55 - 00109973 ____A C:\Windows\WindowsUpdate.log
2012-07-30 14:03 - 2012-08-04 15:56 - 00000896 ____A C:\Windows\setupact.log
2012-07-30 14:03 - 2012-07-30 14:03 - 00000000 ____A C:\Windows\setuperr.log
2012-07-30 13:56 - 2012-07-30 13:56 - 00125632 ____A C:\Users\Sickness5150\My Documents\cc_20120730_145611.reg
2012-07-30 13:56 - 2012-07-30 13:56 - 00125632 ____A C:\Users\Sickness5150\Documents\cc_20120730_145611.reg
2012-07-30 13:54 - 2012-07-30 13:54 - 00000000 ____D C:\Program Files\CCleaner
2012-07-30 13:24 - 2012-07-30 13:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-30 13:24 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-29 20:34 - 2012-07-29 20:34 - 00000000 ____D C:\FRST
2012-07-29 20:02 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\Adobe
2012-07-29 20:02 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Adobe
2012-07-29 20:02 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\Adobe
2012-07-29 19:47 - 2012-07-29 19:47 - 00000000 ____D C:\Users\All Users\Sophos
2012-07-29 19:47 - 2012-07-29 19:47 - 00000000 ____D C:\Users\All Users\Application Data\Sophos
2012-07-29 19:09 - 2012-07-30 13:17 - 00000395 ____A C:\rkill.log
2012-07-28 00:13 - 2012-07-29 15:34 - 00000000 ____D C:\Users\All Users\PLAV
2012-07-28 00:13 - 2012-07-29 15:34 - 00000000 ____D C:\Users\All Users\Application Data\PLAV
2012-07-28 00:12 - 2012-07-28 00:12 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-07-28 00:12 - 2012-07-28 00:12 - 00000000 ____D C:\Users\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2012-07-27 20:15 - 2012-07-27 20:15 - 00001147 ____A C:\temp52.bat
2012-07-27 20:15 - 2012-07-27 20:15 - 00000815 ____A C:\temp188.bat
2012-07-27 20:13 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-07-27 20:07 - 2012-07-27 20:15 - 00000042 ____A C:\repairs_running.dat
2012-07-27 19:15 - 2012-07-29 18:51 - 00000000 ____D C:\Users\All Users\Atheros
2012-07-27 19:15 - 2012-07-29 18:51 - 00000000 ____D C:\Users\All Users\Application Data\Atheros
2012-07-27 19:11 - 2012-07-27 19:11 - 00000000 ____D C:\Users\Sickness5150\Application Data\Atheros
2012-07-27 19:11 - 2012-07-27 19:11 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Atheros
2012-07-27 16:57 - 2012-07-27 16:57 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-27 16:57 - 2012-07-27 16:57 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\Sickness5150\Application Data\TestApp
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\TestApp
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\Sickness5150\Application Data\Malwarebytes
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Malwarebytes
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-27 15:37 - 2012-07-27 15:37 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-07-27 14:54 - 2012-07-27 14:54 - 00000000 ____D C:\Users\Sickness5150\Application Data\Safer Networking
2012-07-27 14:54 - 2012-07-27 14:54 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Safer Networking
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\AppData\Local\Temp24.html
2012-07-27 14:42 - 2012-07-27 14:43 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Temp1.html
2012-07-27 14:42 - 2012-07-27 14:43 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp1.html
2012-07-27 14:42 - 2012-07-27 14:43 - 00001293 ____A C:\Users\Sickness5150\AppData\Local\Temp1.html
2012-07-27 14:41 - 2011-05-04 10:36 - 00029752 ____A (Resplendence Software Projects Sp.) C:\Windows\System32\Drivers\rspSanity64.sys
2012-07-27 14:35 - 2012-07-29 19:44 - 00000000 ____D C:\Users\Sickness5150\Pavark
2012-07-27 14:21 - 2012-07-27 14:21 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-07-27 12:45 - 2012-07-27 12:45 - 00000000 ____D C:\Users\Sickness5150\Downloads\Baby Einstein -Baby Mozart_BY LUISAH_
2012-07-27 12:45 - 2012-07-27 12:45 - 00000000 ____D C:\Users\Sickness5150\Downloads\Baby Einstein - Lullaby Classics_BY LUISAH_
2012-07-27 12:42 - 2012-07-27 12:44 - 00000000 ____D C:\Users\Sickness5150\Downloads\Baby.Einstein[Baby Mozart]DVDRip[Eng]Xvid-10vol
2012-07-25 22:04 - 2012-07-25 22:04 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-25 22:03 - 2012-07-25 22:03 - 00045161 ____A C:\JavaRa.log
2012-07-25 22:03 - 2012-07-25 22:03 - 00000000 ____D C:\Program Files\Java
2012-07-25 20:27 - 2012-07-25 20:27 - 00061440 ____A C:\Windows\SysWOW64\Drivers\npaiii.sys
2012-07-25 20:27 - 2012-07-25 20:27 - 00000050 ____A C:\Program Files (x86)\cjpzdu.txt
2012-07-25 20:24 - 2012-07-25 20:24 - 00061440 ____A C:\Windows\SysWOW64\Drivers\kkkbxtaw.sys
2012-07-25 20:24 - 2012-07-25 20:24 - 00000050 ____A C:\Windows\jwam.txt
2012-07-25 20:19 - 2012-07-25 20:19 - 00061440 ____A C:\Windows\SysWOW64\Drivers\udczvw.sys
2012-07-25 20:19 - 2012-07-25 20:19 - 00000050 ____A C:\Program Files (x86)\rghiax.txt
2012-07-25 19:43 - 2012-07-30 15:05 - 00000021 _RASH C:\Windows\System32\Drivers\etc\hosts.ORI
2012-07-25 19:41 - 2012-07-25 19:42 - 00000833 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-07-25 18:59 - 2012-07-25 18:59 - 00000000 ____D C:\Users\Sickness5150\Application Data\SUPERAntiSpyware.com
2012-07-25 18:59 - 2012-07-25 18:59 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\SUPERAntiSpyware.com
2012-07-25 16:05 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-25 16:05 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-25 16:05 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-25 15:58 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-25 15:58 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-24 21:01 - 2012-07-24 21:01 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-07-24 20:56 - 2012-06-21 22:34 - 00468592 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pskill.exe
2012-07-24 20:56 - 2012-03-22 14:53 - 00232232 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pslist.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00390520 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsInfo.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00381816 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsExec.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00333176 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsGetsid.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00183160 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsLoggedon.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00178040 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\psloglist.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00169848 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsService.exe
2012-07-24 20:56 - 2007-11-06 08:17 - 00000039 ____A C:\Windows\System32\psversion.txt
2012-07-24 20:56 - 2007-02-10 08:46 - 00064126 ____A C:\Windows\System32\Pstools.chm
2012-07-24 20:56 - 2006-12-04 16:53 - 00207664 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\psshutdown.exe
2012-07-24 20:56 - 2006-12-04 16:53 - 00187184 ____A (Sysinternals) C:\Windows\System32\pssuspend.exe
2012-07-24 20:56 - 2006-12-04 16:53 - 00105264 ____A (Sysinternals) C:\Windows\System32\psfile.exe
2012-07-24 20:56 - 2006-12-04 16:53 - 00105264 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pspasswd.exe
2012-07-24 20:56 - 2006-07-28 08:32 - 00007005 ____A C:\Windows\System32\Eula.txt
2012-07-24 19:58 - 2012-07-24 22:28 - 00000000 ____D C:\Users\Sickness5150\Application Data\Simply Super Software
2012-07-24 19:58 - 2012-07-24 22:28 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Simply Super Software
2012-07-24 19:58 - 2006-06-19 12:01 - 00069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ztvcabinet.dll
2012-07-24 19:58 - 2006-05-25 14:52 - 00162304 ____A C:\Windows\SysWOW64\ztvunrar36.dll
2012-07-24 19:58 - 2005-08-26 00:50 - 00077312 ____A C:\Windows\SysWOW64\ztvunace26.dll
2012-07-24 19:58 - 2003-02-02 19:06 - 00153088 ____A C:\Windows\SysWOW64\UNRAR3.dll
2012-07-24 19:58 - 2002-03-06 00:00 - 00075264 ____A C:\Windows\SysWOW64\unacev2.dll
2012-07-23 22:36 - 2012-07-23 22:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B163531DD5A9CE67
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\Application Data\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\AppData\Local\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\Application Data\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\AppData\Local\ars.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\Application Data\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\AppData\Local\housecall.guid.cache
2012-07-23 22:14 - 2012-07-25 18:00 - 00000000 ____D C:\Program Files (x86)\stinger
2012-07-23 21:57 - 2012-07-30 13:55 - 00000000 ____D C:\Windows\Minidump
2012-07-23 21:55 - 2012-07-24 19:10 - 00000524 ____A C:\Windows\System32\.crusader
2012-07-23 21:52 - 2012-07-23 21:55 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-23 21:52 - 2012-07-23 21:55 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-07-23 21:27 - 2012-07-23 21:27 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-07-23 21:12 - 2012-07-23 21:12 - 00000000 ____D C:\Users\Sickness5150\Application Data\QuickScan
2012-07-23 21:12 - 2012-07-23 21:12 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\QuickScan
2012-07-23 21:07 - 2012-07-27 19:23 - 00000000 ____D C:\Users\Sickness5150\Application Data\GetRightToGo
2012-07-23 21:07 - 2012-07-27 19:23 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\GetRightToGo
2012-07-23 20:43 - 2012-08-04 15:56 - 00000530 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-07-23 20:43 - 2012-07-31 17:00 - 00000506 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-23 20:43 - 2012-07-23 21:57 - 00000478 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\Application Data\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\Application Data\DriverCure
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\DriverCure
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-23 20:34 - 2012-07-24 19:36 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Deployment
2012-07-23 20:34 - 2012-07-24 19:36 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\Deployment
2012-07-23 20:34 - 2012-07-24 19:36 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\Deployment
2012-07-23 20:34 - 2012-07-23 20:34 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\Apps\2.0
2012-07-23 20:23 - 2012-07-23 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A2312A40FD809D1
2012-07-23 20:16 - 2012-07-23 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88D6BEFE027D546D
2012-07-23 20:12 - 2012-07-23 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90D5EDF0015B9C2F
2012-07-23 20:04 - 2012-07-23 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.041952EDB02A1C04
2012-07-23 19:43 - 2012-08-04 15:53 - 00000000 ____D C:\Qoobox
2012-07-23 19:43 - 2012-07-25 16:12 - 00000000 ____D C:\Windows\erdnt
2012-07-23 18:43 - 2012-07-24 19:14 - 00000000 ____D C:\Users\Sickness5150\Local Settings\NPE
2012-07-23 18:43 - 2012-07-24 19:14 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\NPE
2012-07-23 18:43 - 2012-07-24 19:14 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\NPE
2012-07-23 18:43 - 2012-07-23 18:43 - 00000000 ____D C:\Users\All Users\Norton
2012-07-23 18:43 - 2012-07-23 18:43 - 00000000 ____D C:\Users\All Users\Application Data\Norton
2012-07-23 18:25 - 2012-07-24 19:23 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-23 18:24 - 2012-07-24 19:23 - 00000000 ____D C:\Users\All Users\Application Data\Alwil Software
2012-07-23 18:24 - 2012-07-24 19:23 - 00000000 ____D C:\Users\All Users\Alwil Software
2012-07-23 18:24 - 2012-07-24 19:23 - 00000000 ____D C:\Program Files\Alwil Software
2012-07-23 18:24 - 2010-06-28 12:57 - 00165032 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-23 18:24 - 2010-06-28 12:57 - 00038848 ____A (ALWIL Software) C:\Windows\avastSS.scr
2012-07-23 18:11 - 2012-07-23 18:14 - 00027760 ____A C:\Windows\SysWOW64\epfwdata.bin
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\Local Settings\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\Application Data\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\ESET
2012-07-23 17:48 - 2012-07-27 15:45 - 00000000 ____D C:\Users\All Users\ESET
2012-07-23 17:48 - 2012-07-27 15:45 - 00000000 ____D C:\Users\All Users\Application Data\ESET
2012-07-23 17:48 - 2012-07-23 17:48 - 00000000 ____D C:\Program Files\ESET
2012-07-23 16:48 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Webroot
2012-07-23 16:48 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Application Data\Webroot
2012-07-23 15:48 - 2012-07-23 15:48 - 00017264 ____A (Webroot Software, Inc. (www.webroot.com)) C:\Windows\System32\SsiEfr.exe
2012-07-23 15:48 - 2012-07-23 15:48 - 00000000 ____D C:\Program Files (x86)\MSSOAP
2012-07-23 15:44 - 2012-07-21 12:22 - 00000975 ____A C:\Windows\System32\Drivers\etc\hosts.20120723-164421.backup
2012-07-23 15:32 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-23 15:32 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-07-23 15:32 - 2012-07-23 16:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-20 15:39 - 2011-12-22 15:11 - 00000833 ____A C:\Windows\System32\Drivers\etc\hosts.trb
2012-07-20 15:37 - 2012-07-24 19:58 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\Sickness5150\My Documents\Simply Super Software
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\Sickness5150\Documents\Simply Super Software
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\All Users\Application Data\Simply Super Software
2012-07-18 19:49 - 2012-07-18 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46DA573FA569C3D0
2012-07-18 19:39 - 2012-07-18 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.517AF7A202A9B1D2
2012-07-18 19:35 - 2012-07-18 19:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FEE330994FFFB9D3
2012-07-18 19:32 - 2012-07-29 15:32 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-18 19:18 - 2012-07-18 19:18 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-07-17 19:52 - 2012-07-17 19:52 - 00000000 ____D C:\Users\Sickness5150\My Documents\iZotope RX 2 Presets
2012-07-17 19:52 - 2012-07-17 19:52 - 00000000 ____D C:\Users\Sickness5150\Documents\iZotope RX 2 Presets
2012-07-17 19:52 - 2012-07-17 19:52 - 00000000 ____D C:\Program Files\VstPlugins
2012-07-16 17:18 - 2012-07-16 17:18 - 53116460 ____A C:\Users\Sickness5150\Downloads\09 Fantasy.wav
2012-07-16 17:02 - 2012-07-16 17:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-16 16:58 - 2006-04-06 18:41 - 00233472 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
2012-07-11 20:07 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 20:05 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 20:05 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 20:05 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 20:05 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 20:05 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 20:05 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 20:05 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 20:05 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 20:05 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 20:05 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 20:05 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 20:05 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 20:05 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 20:05 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 20:05 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 20:05 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 20:05 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 20:05 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 20:05 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 20:05 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 20:05 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 20:05 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 20:05 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 20:05 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 20:05 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 20:05 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 20:05 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 20:05 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 19:41 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 19:41 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 19:41 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 19:41 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 19:41 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 19:41 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 19:40 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 19:40 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 19:40 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 19:40 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 19:40 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 19:40 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 19:40 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 19:40 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 19:40 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 19:40 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 19:40 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 19:39 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 19:39 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

============ 3 Months Modified Files ========================

2012-08-04 15:56 - 2012-07-30 16:29 - 00000928 ____A C:\Windows\PFRO.log
2012-08-04 15:56 - 2012-07-30 14:03 - 00000896 ____A C:\Windows\setupact.log
2012-08-04 15:56 - 2012-07-23 20:43 - 00000530 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-08-04 15:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-04 15:55 - 2012-07-30 14:05 - 00109973 ____A C:\Windows\WindowsUpdate.log
2012-08-04 15:53 - 2012-08-04 15:53 - 00052970 ____A C:\ComboFix.txt
2012-08-04 15:51 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-04 15:48 - 2012-05-24 15:53 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-04 15:47 - 2012-05-16 20:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-04 15:43 - 2012-08-04 15:42 - 04725168 ____R (Swearware) C:\Users\Sickness5150\Downloads\ComboFix.exe
2012-08-04 15:43 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-04 15:43 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-04 15:41 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-04 15:40 - 2012-08-04 15:40 - 01439619 ____A (Farbar) C:\Users\Sickness5150\Downloads\FRST64.exe
2012-07-31 17:00 - 2012-07-23 20:43 - 00000506 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-30 16:28 - 2012-07-30 16:28 - 00000161 ____A C:\Windows\clnqhosts.txt
2012-07-30 15:25 - 2012-07-30 15:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-30 15:20 - 2012-07-30 15:20 - 00000168 ____A C:\Users\Sickness5150\defogger_reenable
2012-07-30 15:05 - 2012-07-25 19:43 - 00000021 _RASH C:\Windows\System32\Drivers\etc\hosts.ORI
2012-07-30 14:03 - 2012-07-30 14:03 - 00000000 ____A C:\Windows\setuperr.log
2012-07-30 13:56 - 2012-07-30 13:56 - 00125632 ____A C:\Users\Sickness5150\My Documents\cc_20120730_145611.reg
2012-07-30 13:56 - 2012-07-30 13:56 - 00125632 ____A C:\Users\Sickness5150\Documents\cc_20120730_145611.reg
2012-07-30 13:17 - 2012-07-29 19:09 - 00000395 ____A C:\rkill.log
2012-07-29 15:32 - 2012-07-18 19:32 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 23:53 - 2011-02-10 08:10 - 00795928 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-27 23:15 - 2009-07-13 18:34 - 00000583 ____A C:\Windows\win.ini
2012-07-27 20:15 - 2012-07-27 20:15 - 00001147 ____A C:\temp52.bat
2012-07-27 20:15 - 2012-07-27 20:15 - 00000815 ____A C:\temp188.bat
2012-07-27 20:15 - 2012-07-27 20:07 - 00000042 ____A C:\repairs_running.dat
2012-07-27 19:13 - 2012-05-16 20:49 - 00001849 ____A C:\Users\Public\Desktop\HotSpot.lnk
2012-07-27 19:13 - 2012-05-16 20:49 - 00001849 ____A C:\Users\All Users\Desktop\HotSpot.lnk
2012-07-27 19:13 - 2012-05-16 20:49 - 00001826 ____A C:\Users\Public\Desktop\asav.lnk
2012-07-27 19:13 - 2012-05-16 20:49 - 00001826 ____A C:\Users\All Users\Desktop\asav.lnk
2012-07-27 19:11 - 2011-12-29 15:50 - 00246804 ____A C:\Windows\System32\Drivers\AtherosBt.bin
2012-07-27 19:11 - 2011-12-29 15:50 - 00001796 ____A C:\Windows\System32\Drivers\ramps_0x11020000_40.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001242 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40_0x01.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001214 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40_0x03.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001204 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40_0x02.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001204 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001198 ____A C:\Windows\System32\Drivers\ramps_0x01020200_26.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001192 ____A C:\Windows\System32\Drivers\ramps_0x01020200_26_0x01.dfu
2012-07-27 15:37 - 2012-07-27 15:37 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\AppData\Local\Temp24.html
2012-07-27 14:43 - 2012-07-27 14:42 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Temp1.html
2012-07-27 14:43 - 2012-07-27 14:42 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp1.html
2012-07-27 14:43 - 2012-07-27 14:42 - 00001293 ____A C:\Users\Sickness5150\AppData\Local\Temp1.html
2012-07-25 22:04 - 2012-07-25 22:04 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-25 22:03 - 2012-07-25 22:03 - 00045161 ____A C:\JavaRa.log
2012-07-25 20:39 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-25 20:27 - 2012-07-25 20:27 - 00061440 ____A C:\Windows\SysWOW64\Drivers\npaiii.sys
2012-07-25 20:27 - 2012-07-25 20:27 - 00000050 ____A C:\Program Files (x86)\cjpzdu.txt
2012-07-25 20:24 - 2012-07-25 20:24 - 00061440 ____A C:\Windows\SysWOW64\Drivers\kkkbxtaw.sys
2012-07-25 20:24 - 2012-07-25 20:24 - 00000050 ____A C:\Windows\jwam.txt
2012-07-25 20:19 - 2012-07-25 20:19 - 00061440 ____A C:\Windows\SysWOW64\Drivers\udczvw.sys
2012-07-25 20:19 - 2012-07-25 20:19 - 00000050 ____A C:\Program Files (x86)\rghiax.txt
2012-07-25 19:42 - 2012-07-25 19:41 - 00000833 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-07-25 16:11 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.old 2
2012-07-24 20:21 - 2012-05-24 15:53 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-24 19:23 - 2012-07-23 18:25 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-24 19:10 - 2012-07-23 21:55 - 00000524 ____A C:\Windows\System32\.crusader
2012-07-23 22:36 - 2012-07-23 22:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B163531DD5A9CE67
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\Application Data\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\AppData\Local\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\Application Data\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\AppData\Local\ars.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\Application Data\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\AppData\Local\housecall.guid.cache
2012-07-23 21:57 - 2012-07-23 20:43 - 00000478 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-23 20:23 - 2012-07-23 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A2312A40FD809D1
2012-07-23 20:16 - 2012-07-23 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88D6BEFE027D546D
2012-07-23 20:12 - 2012-07-23 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90D5EDF0015B9C2F
2012-07-23 20:04 - 2012-07-23 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.041952EDB02A1C04
2012-07-23 18:14 - 2012-07-23 18:11 - 00027760 ____A C:\Windows\SysWOW64\epfwdata.bin
2012-07-23 15:48 - 2012-07-23 15:48 - 00017264 ____A (Webroot Software, Inc. (www.webroot.com)) C:\Windows\System32\SsiEfr.exe
2012-07-23 15:44 - 2009-07-13 18:34 - 00443729 ____A C:\Windows\System32\Drivers\etc\hosts.old
2012-07-23 15:37 - 2012-05-26 18:34 - 00000032 ____A C:\Windows\SysWOW64\w3data.vss
2012-07-23 15:37 - 2012-05-26 18:34 - 00000032 ____A C:\Windows\msocreg32.dat
2012-07-22 14:03 - 2012-05-26 20:27 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz
2012-07-22 14:03 - 2012-05-26 20:27 - 00000087 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-07-21 12:22 - 2012-07-23 15:44 - 00000975 ____A C:\Windows\System32\Drivers\etc\hosts.20120723-164421.backup
2012-07-18 19:49 - 2012-07-18 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46DA573FA569C3D0
2012-07-18 19:39 - 2012-07-18 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.517AF7A202A9B1D2
2012-07-18 19:35 - 2012-07-18 19:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FEE330994FFFB9D3
2012-07-17 18:13 - 2012-05-21 14:07 - 00000033 ____A C:\Windows\SysWOW64\deck.ini
2012-07-16 17:18 - 2012-07-16 17:18 - 53116460 ____A C:\Users\Sickness5150\Downloads\09 Fantasy.wav
2012-07-11 22:12 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 19:47 - 2012-05-16 20:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 19:47 - 2012-05-16 20:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-03 12:46 - 2012-07-30 13:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 02:19 - 2012-05-23 15:01 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-02 14:26 - 2012-07-02 12:51 - 00001011 ____A C:\Users\Public\Desktop\Reaktor 5.lnk
2012-07-02 14:26 - 2012-07-02 12:51 - 00001011 ____A C:\Users\All Users\Desktop\Reaktor 5.lnk
2012-07-02 14:25 - 2012-07-02 14:25 - 00001016 ____A C:\Users\Public\Desktop\Kontakt 5.lnk
2012-07-02 14:25 - 2012-07-02 14:25 - 00001016 ____A C:\Users\All Users\Desktop\Kontakt 5.lnk
2012-07-02 14:20 - 2012-07-02 14:20 - 00001016 ____A C:\Users\Public\Desktop\Kontakt 4.lnk
2012-07-02 14:20 - 2012-07-02 14:20 - 00001016 ____A C:\Users\All Users\Desktop\Kontakt 4.lnk
2012-07-02 14:17 - 2012-07-02 14:17 - 00001046 ____A C:\Users\Public\Desktop\Guitar Rig 5.lnk
2012-07-02 14:17 - 2012-07-02 14:17 - 00001046 ____A C:\Users\All Users\Desktop\Guitar Rig 5.lnk
2012-07-02 14:09 - 2012-07-02 14:09 - 00001096 ____A C:\Users\Public\Desktop\Controller Editor.lnk
2012-07-02 14:09 - 2012-07-02 14:09 - 00001096 ____A C:\Users\All Users\Desktop\Controller Editor.lnk
2012-07-02 12:45 - 2012-07-02 12:45 - 00001061 ____A C:\Users\Public\Desktop\Service Center.lnk
2012-07-02 12:45 - 2012-07-02 12:45 - 00001061 ____A C:\Users\All Users\Desktop\Service Center.lnk
2012-07-01 22:48 - 2012-07-01 22:36 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-06-23 16:35 - 2012-06-23 16:35 - 28193646 ____A C:\Users\Sickness5150\My Documents\A La Orilla De Un Palmar.wav
2012-06-23 16:35 - 2012-06-23 16:35 - 28193646 ____A C:\Users\Sickness5150\Documents\A La Orilla De Un Palmar.wav
2012-06-23 16:30 - 2012-06-23 16:30 - 37640378 ____A C:\Users\Sickness5150\My Documents\Cruz Negra.wav
2012-06-23 16:30 - 2012-06-23 16:30 - 37640378 ____A C:\Users\Sickness5150\Documents\Cruz Negra.wav
2012-06-23 16:25 - 2012-06-23 16:25 - 37345246 ____A C:\Users\Sickness5150\My Documents\Prietita Linda.wav
2012-06-23 16:25 - 2012-06-23 16:25 - 37345246 ____A C:\Users\Sickness5150\Documents\Prietita Linda.wav
2012-06-23 16:18 - 2012-06-23 16:18 - 32567178 ____A C:\Users\Sickness5150\My Documents\Dejame Verte Llorando.wav
2012-06-23 16:18 - 2012-06-23 16:18 - 32567178 ____A C:\Users\Sickness5150\Documents\Dejame Verte Llorando.wav
2012-06-23 16:14 - 2012-06-23 16:14 - 28905182 ____A C:\Users\Sickness5150\My Documents\Serenata Sin Luna.wav
2012-06-23 16:14 - 2012-06-23 16:14 - 28905182 ____A C:\Users\Sickness5150\Documents\Serenata Sin Luna.wav
2012-06-23 16:07 - 2012-06-23 16:07 - 19484746 ____A C:\Users\Sickness5150\My Documents\Cuatro Vidas.wav
2012-06-23 16:07 - 2012-06-23 16:07 - 19484746 ____A C:\Users\Sickness5150\Documents\Cuatro Vidas.wav
2012-06-23 16:02 - 2012-06-23 16:02 - 27019062 ____A C:\Users\Sickness5150\My Documents\Palomita Blanca.wav
2012-06-23 16:02 - 2012-06-23 16:02 - 27019062 ____A C:\Users\Sickness5150\Documents\Palomita Blanca.wav
2012-06-23 15:54 - 2012-06-23 15:54 - 30229030 ____A C:\Users\Sickness5150\My Documents\Mexico Lindo Y Querido.wav
2012-06-23 15:54 - 2012-06-23 15:54 - 30229030 ____A C:\Users\Sickness5150\Documents\Mexico Lindo Y Querido.wav
2012-06-23 15:45 - 2012-06-23 15:45 - 37271462 ____A C:\Users\Sickness5150\My Documents\Solo Dios.wav
2012-06-23 15:45 - 2012-06-23 15:45 - 37271462 ____A C:\Users\Sickness5150\Documents\Solo Dios.wav
2012-06-21 22:34 - 2012-07-24 20:56 - 00468592 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pskill.exe
2012-06-13 18:51 - 2012-06-13 18:51 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-13 18:51 - 2012-06-13 18:51 - 00687600 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-13 18:51 - 2012-06-13 18:51 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-13 18:51 - 2012-06-13 18:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-13 18:51 - 2012-06-13 18:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-11 19:08 - 2012-07-11 20:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 19:40 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 19:40 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 19:41 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 19:41 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 19:39 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 19:41 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 19:41 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 19:39 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 13:55 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 13:55 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 13:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 13:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 20:05 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 20:05 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 20:05 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 20:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 20:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 20:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 20:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 20:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 20:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 20:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 20:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 20:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 20:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 20:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 20:05 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 20:05 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 20:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 20:05 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 20:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 20:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 20:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 20:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 20:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 20:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 20:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 20:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 20:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 20:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 19:40 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 19:40 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 19:40 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 19:40 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 19:40 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 19:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 19:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 19:40 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.tgz
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.dll
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\clauth2.dll
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\clauth1.dll
2012-05-24 16:42 - 2012-05-24 16:28 - 00000051 ____A C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2012-05-24 16:29 - 2012-05-24 16:29 - 00002892 ____A () C:\Windows\SysWOW64\audcon.sys
2012-05-23 16:26 - 2012-05-23 16:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-21 14:08 - 2012-05-21 14:08 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-21 14:08 - 2012-05-21 14:08 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-05-21 14:05 - 2012-05-21 14:05 - 00000704 ____A C:\Windows\SysWOW64\checkOS.txt
2012-05-21 14:05 - 2012-05-21 14:05 - 00000384 ____A C:\Windows\SysWOW64\checkOS.bat
2012-05-21 14:05 - 2012-05-21 14:05 - 00000000 ____A C:\Windows\SysWOW64\x64.txt
2012-05-21 14:05 - 2012-05-21 14:05 - 00000000 ____A C:\Windows\SysWOW64\version.txt
2012-05-20 15:47 - 2012-05-20 15:47 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-05-20 15:43 - 2012-05-20 15:43 - 00001769 ____A C:\Users\Public\Desktop\GTR 3.lnk
2012-05-20 15:43 - 2012-05-20 15:43 - 00001769 ____A C:\Users\All Users\Desktop\GTR 3.lnk
2012-05-20 15:34 - 2012-05-20 15:34 - 00001140 ____A C:\Users\Sickness5150\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-05-20 10:29 - 2012-05-20 10:29 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-20 10:03 - 2012-05-20 10:03 - 00001850 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-05-20 10:03 - 2012-05-20 10:03 - 00001850 ____A C:\Users\All Users\Desktop\Vuze.lnk
2012-05-20 08:52 - 2012-05-20 08:52 - 00057560 ____A C:\Users\Sickness5150\Local Settings\GDIPFONTCACHEV1.DAT
2012-05-20 08:52 - 2012-05-20 08:52 - 00057560 ____A C:\Users\Sickness5150\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-05-20 08:52 - 2012-05-20 08:52 - 00057560 ____A C:\Users\Sickness5150\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-20 08:52 - 2012-05-20 08:52 - 00000000 ____A C:\Users\Sickness5150\agent.log
2012-05-20 08:51 - 2012-05-20 08:51 - 00000020 ___SH C:\Users\Sickness5150\ntuser.ini
2012-05-16 22:27 - 2012-05-16 22:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-16 22:27 - 2012-05-16 22:27 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-05-16 22:24 - 2012-05-16 22:24 - 00029684 ___RA C:\dell.sdr
2012-05-16 22:24 - 2012-05-16 22:24 - 00000012 ____A C:\Windows\csup.txt
2012-05-16 22:21 - 2012-05-16 22:21 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00800256 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-05-16 22:21 - 2012-05-16 22:21 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-05-16 22:21 - 2012-05-16 22:21 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-05-16 22:21 - 2012-05-16 22:21 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-05-16 22:21 - 2012-05-16 22:21 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00419744 ____A C:\Windows\SysWOW64\locale.nls
2012-05-16 22:21 - 2012-05-16 22:21 - 00419744 ____A C:\Windows\System32\locale.nls
2012-05-16 22:21 - 2012-05-16 22:21 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-05-16 22:21 - 2012-05-16 22:21 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00246784 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2012-05-16 22:21 - 2012-05-16 22:21 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-05-16 22:21 - 2012-05-16 22:21 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-05-16 22:21 - 2012-05-16 22:21 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2012-05-16 22:21 - 2012-05-16 22:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-05-16 22:21 - 2012-05-16 22:21 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2012-05-16 22:21 - 2012-05-16 22:21 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL

ZeroAccess:
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\L
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8155.28 MB
Available physical RAM: 7334.24 MB
Total Pagefile: 8153.48 MB
Available Pagefile: 7325.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:753.86 GB) NTFS
2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF
3 Drive e: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive i: (WDO_MEDIA64) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1924 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 12 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 I WDO_MEDIA64 FAT32 Removable 1907 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 17:24

======================= End Of Log ==========================

#5 jntkwx

  • Malware Response Team

Posted 04 August 2012 - 09:55 PM

r8der,

That is odd that you can access the Internet in Internet Explorer 64-bit, but cannot access it in any other program. You're still partially infected with ZeroAccess, a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1: Rerun Combofix

Please delete the Combofix file from your desktop. Do not make any other changes to your computer.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2


Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic463189.html

Collect::
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\L
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\U

Suspect::
c:\windows\SysWow64\drivers\kkkbxtaw.sys
c:\windows\SysWow64\drivers\udczvw.sys
c:\windows\SysWow64\drivers\npaiii.sys

DirLook::
c:\windows\AxInstSV

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**
When Combofix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.


Step 2: dumpit
Please do the following. You will need a USB drive with no less than 64 MB of space. If you have any questions or get any errors, please let me know!

  • Insert your USB drive.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format (Note that this will erase any files you have on your flashdrive. Please move any files you want to keep to your computer before completing this step.)
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-windows-latest.exe that you just downloaded.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will write files to your USB device and make it bootable
  • Once the files have been written to the device you will be prompted to reboot ~ do NOT reboot and instead just Exit the UNetbootin interface
  • Next, download dumpit and save it to the same flash drive where you installed xPUD.
  • Remove the USB and insert it in the ailing computer
  • Power on the computer and press F12 then choose to boot from the USB
  • After selecting a language and readying the system, a Welcome to xPUD screen will appear
  • Click the File tab
  • Expand mnt by clicking the plus sign to its left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click dumpit.
  • It will create some MBR copies on the USB drive.
  • When it completes press Enter to exit the Terminal window.
  • Remove the USB drive, then locate on it an mbr.zip file, and upload that here as an attachment please.
mbr.zip should be created on your flash drive, please attach it to your next reply.


In your next reply, please include:
  • Combofix log
  • Attach the mbr.zip file
  • Feedback from you - how is your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif
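As an added illustration (not part of the original posts and not dumpit's own code), this is one way to inspect a 512-byte MBR copy like the ones dumpit collects: parse the partition table, flag structural anomalies, and hash the boot code so it can be compared with a known-good copy. The sample sectors are constructed to mirror Disk 0 from the log above; the function names, the filler boot code and the chosen checks are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes of boot code before the disk signature
TABLE_OFFSET = 446           # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"      # expected at offsets 510-511
# status, CHS start, type, CHS end, start LBA, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")

TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0xDE: "Dell OEM utility", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Decode the partition table and hash the boot code of one MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("an MBR dump must contain at least 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + i * ENTRY.size)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def review(mbr: dict) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 55 AA is missing")
    parts = mbr["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte "
                            f"0x{p['status']:02X}")
        if p["start_lba"] == 0:
            findings.append(f"partition {p['index']}: starts at LBA 0, on top of the MBR")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (a BIOS boot disk has exactly 1)")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sector(entries, signature=SIGNATURE) -> bytes:
    """Build a constructed test sector from (status, type, start LBA, sectors)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x3c\x90"  # constructed filler, not real boot code
    for i, (status, ptype, start, count) in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + i * ENTRY.size,
                        status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
    sector[510:512] = signature
    return bytes(sector)


# Constructed sample mirroring Disk 0 in the log: OEM (type DE) 39 MB,
# active RECOVERY (type 07) 12 GB, OS (type 07) 919 GB.
GOOD_SAMPLE = build_sector([
    (0x00, 0xDE, 63, 79872),
    (0x80, 0x07, 81920, 25165824),
    (0x00, 0x07, 25247744, 1927282688),
])

# Constructed damaged sample: signature wiped, two active entries, and the
# third entry starting inside the second.
TAMPERED_SAMPLE = build_sector([
    (0x00, 0xDE, 63, 79872),
    (0x80, 0x07, 81920, 25165824),
    (0x80, 0x07, 25000000, 1927282688),
], signature=b"\x00\x00")

if __name__ == "__main__":
    # For a real dump, read the first 512 bytes of the file instead.
    for name, sector in (("good", GOOD_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        mbr = parse_mbr(sector)
        print(name, mbr["boot_code_sha256"][:16], review(mbr) or "no findings")
```

A matching partition table does not clear the boot code itself, which is why the hash is reported separately for comparison against a copy taken from a clean install of the same system.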


#6 r8der

  • Topic Starter

Posted 04 August 2012 - 11:15 PM

xPUD won't load up. I get a black screen saying something about a fatal error, no screen & no server :o

#7 jntkwx

  • Malware Response Team

Posted 05 August 2012 - 12:17 PM

r8der,

xPUD sometimes has problems with graphics cards. Let's try dumpit a different way. Again, if you have any questions or run into any problems, please let me know.

Please create this bootable CD.

  • Save these files to your Desktop
  • Open BurnCDCC and Extract All files to its own folder
  • Double Click BurnCDCC
  • Click Browse and navigate to the Puppy Linux ISO file you just downloaded
  • click on it and click Open
  • IMPORTANT: Adjust the speed bar to CD: 4x DVD: 1x
  • Click Start
  • Your CD Burner Tray will open automatically
  • Insert a blank CD and close the tray
  • Click OK
The CD should eject when finished.

Download and save pldumpit.exe to your USB device.

To use the CD

  • Insert the CD and restart the computer
  • When the computer first starts please press the key indicated on the screen to enter the bios or setup.
  • Make the necessary changes to make the CD first in the boot order
  • Save the changes and exit the bios/setup
  • Your computer will restart and boot from the Puppy Linux Live CD
You can save these instructions to a notepad on your usb device. Once you have mounted the drives you should be able view them by clicking on them.

  • Set your language, time, etc. preferences and continue
  • Click the Mount Icon located at the top left of your desktop (should be 3rd from the left top row)
  • A Window will open, click mount for each drive listed
  • if you have a USB Flash Drive connected it's usually automatically mounted upon boot, but click the "usbdrv" tab and make sure it is mounted.

In the lower left you will see some icons with a green light on them. Click on the one that represents your usb device.
  • locate pldumpit.exe
  • right click it and select rename
  • please remove only the .exe from the file path
  • click rename
  • click on pldumpit
  • a window will open; please hit Enter when told to, to close the window
  • there should now be a file named mbr.zip in the list of files
  • close all windows
  • click menu
  • highlight shutdown
  • click reboot
  • use the arrow key to select Do not save
  • hit enter
  • remove the CD before the computer restarts and allow the computer to boot

Please attach MBR.zip to your next reply.


In your next reply, please include:
  • Attach the mbr.zip file

Regards,
Jason

 



#8 r8der

  • Topic Starter

Posted 05 August 2012 - 02:48 PM

OK, all done. Here is last night's ComboFix log & mbr file

ComboFix 12-08-05.02 - Sickness5150 08/04/2012 20:10:41.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8155.5918 [GMT -7:00]
Running from: c:\users\Sickness5150\Desktop\ComboFix.exe
Command switches used :: c:\users\Sickness5150\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\SICKNE~1\AppData\Local\Temp\{A46436FC-8502-4147-B8BD-F7E70ECE9EC9}\fpb.tmp
c:\users\Sickness5150\AppData\Local\Temp\{A46436FC-8502-4147-B8BD-F7E70ECE9EC9}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 03:16 . 2012-08-05 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 23:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC1DDDA7-2EEA-4B8E-AA78-E4501F847D3A}\mpengine.dll
2012-07-31 00:28 . 2012-07-31 00:28 -------- d-----w- C:\BrownSW
2012-07-30 23:25 . 2012-07-30 23:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-30 23:22 . 2012-07-30 23:22 -------- d-----w- c:\program files (x86)\ESET
2012-07-30 23:22 . 2012-07-30 23:22 -------- d--h--w- c:\windows\AxInstSV
2012-07-30 21:54 . 2012-07-30 21:54 -------- d-----w- c:\program files\CCleaner
2012-07-30 21:24 . 2012-07-30 21:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-30 21:24 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 04:34 . 2012-07-30 04:34 -------- d-----w- C:\FRST
2012-07-30 04:02 . 2012-07-30 04:02 -------- d-----w- c:\users\Sickness5150\AppData\Local\Adobe
2012-07-30 03:47 . 2012-07-30 03:47 -------- d-----w- c:\programdata\Sophos
2012-07-28 08:13 . 2012-07-29 23:34 -------- d-----w- c:\programdata\PLAV
2012-07-28 08:12 . 2012-07-28 08:12 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-07-28 04:15 . 2012-07-28 04:15 815 ----a-w- C:\temp188.bat
2012-07-28 04:15 . 2012-07-28 04:15 1147 ----a-w- C:\temp52.bat
2012-07-28 04:13 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-07-28 03:15 . 2012-07-30 02:51 -------- d-----w- c:\programdata\Atheros
2012-07-28 03:11 . 2012-07-28 03:11 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Atheros
2012-07-28 03:11 . 2012-07-28 03:11 -------- d-----w- c:\program files (x86)\Common Files\Atheros
2012-07-28 00:57 . 2012-07-28 00:57 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-28 00:10 . 2012-07-28 00:10 -------- d-----w- c:\programdata\PC Tools
2012-07-28 00:10 . 2012-07-28 00:10 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\TestApp
2012-07-28 00:03 . 2012-07-28 00:03 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Malwarebytes
2012-07-28 00:03 . 2012-07-28 00:03 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 23:37 . 2012-07-27 23:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-27 22:54 . 2012-07-27 22:54 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Safer Networking
2012-07-27 22:41 . 2011-05-04 18:36 29752 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2012-07-27 22:35 . 2012-07-30 03:44 -------- d-----w- c:\users\Sickness5150\Pavark
2012-07-27 22:21 . 2012-07-27 22:21 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-26 06:04 . 2012-07-26 06:04 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-26 06:04 . 2012-07-26 06:04 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-26 06:04 . 2012-07-26 06:04 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-26 06:04 . 2012-07-26 06:04 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-26 06:04 . 2012-07-26 06:04 188912 ----a-w- c:\windows\system32\java.exe
2012-07-26 06:03 . 2012-07-26 06:03 -------- d-----w- c:\program files\Java
2012-07-26 04:27 . 2012-07-26 04:27 61440 ------w- c:\windows\SysWow64\drivers\npaiii.sys
2012-07-26 04:24 . 2012-07-26 04:24 61440 ------w- c:\windows\SysWow64\drivers\kkkbxtaw.sys
2012-07-26 04:19 . 2012-07-26 04:19 61440 ------w- c:\windows\SysWow64\drivers\udczvw.sys
2012-07-26 02:59 . 2012-07-26 02:59 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\SUPERAntiSpyware.com
2012-07-25 23:58 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-25 23:58 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-25 05:01 . 2012-07-25 05:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-25 04:56 . 2010-04-27 18:04 178040 ----a-w- c:\windows\system32\psloglist.exe
2012-07-25 04:56 . 2010-04-27 18:04 183160 ----a-w- c:\windows\system32\PsLoggedon.exe
2012-07-25 04:56 . 2010-04-27 18:04 169848 ----a-w- c:\windows\system32\PsService.exe
2012-07-25 04:56 . 2006-12-05 00:53 207664 ----a-w- c:\windows\system32\psshutdown.exe
2012-07-25 04:56 . 2006-12-05 00:53 187184 ----a-w- c:\windows\system32\pssuspend.exe
2012-07-25 04:56 . 2006-12-05 00:53 105264 ----a-w- c:\windows\system32\pspasswd.exe
2012-07-25 04:56 . 2012-06-22 06:34 468592 ----a-w- c:\windows\system32\pskill.exe
2012-07-25 04:56 . 2012-03-22 22:53 232232 ----a-w- c:\windows\system32\pslist.exe
2012-07-25 04:56 . 2010-04-27 18:04 381816 ----a-w- c:\windows\system32\PsExec.exe
2012-07-25 04:56 . 2010-04-27 18:04 333176 ----a-w- c:\windows\system32\PsGetsid.exe
2012-07-25 04:56 . 2010-04-27 18:04 390520 ----a-w- c:\windows\system32\PsInfo.exe
2012-07-25 04:56 . 2006-12-05 00:53 105264 ----a-w- c:\windows\system32\psfile.exe
2012-07-25 03:58 . 2006-06-19 20:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-07-25 03:58 . 2006-05-25 22:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-07-25 03:58 . 2005-08-26 08:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-07-25 03:58 . 2003-02-03 03:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-07-25 03:58 . 2002-03-06 08:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-07-25 03:58 . 2012-07-25 06:28 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\Simply Super Software
2012-07-24 06:36 . 2012-07-24 06:36 328704 ----a-w- c:\windows\system32\services.exe.B163531DD5A9CE67
2012-07-24 06:35 . 2012-07-24 06:35 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-07-24 06:14 . 2012-07-26 02:00 -------- d-----w- c:\program files (x86)\stinger
2012-07-24 05:52 . 2012-07-24 05:55 -------- d-----w- c:\programdata\HitmanPro
2012-07-24 05:27 . 2012-07-24 05:27 -------- d-----w- c:\program files (x86)\Citrix
2012-07-24 05:12 . 2012-07-24 05:12 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\QuickScan
2012-07-24 05:07 . 2012-07-28 03:23 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\GetRightToGo
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\SpeedyPC Software
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\users\Sickness5150\AppData\Roaming\DriverCure
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-24 04:43 . 2012-07-24 04:43 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-24 04:34 . 2012-07-25 03:36 -------- d-----w- c:\users\Sickness5150\AppData\Local\Deployment
2012-07-24 04:34 . 2012-07-24 04:34 -------- d-----w- c:\users\Sickness5150\AppData\Local\Apps
2012-07-24 04:23 . 2012-07-24 04:23 328704 ----a-w- c:\windows\system32\services.exe.3A2312A40FD809D1
2012-07-24 04:16 . 2012-07-24 04:16 328704 ----a-w- c:\windows\system32\services.exe.88D6BEFE027D546D
2012-07-24 04:12 . 2012-07-24 04:12 328704 ----a-w- c:\windows\system32\services.exe.90D5EDF0015B9C2F
2012-07-24 04:04 . 2012-07-24 04:04 328704 ----a-w- c:\windows\system32\services.exe.041952EDB02A1C04
2012-07-24 02:43 . 2012-07-25 03:14 -------- d-----w- c:\users\Sickness5150\AppData\Local\NPE
2012-07-24 02:43 . 2012-07-24 02:43 -------- d-----w- c:\programdata\Norton
2012-07-24 02:24 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2012-07-24 02:24 . 2010-06-28 20:57 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-24 02:24 . 2012-07-25 03:23 -------- d-----w- c:\program files\Alwil Software
2012-07-24 02:24 . 2012-07-25 03:23 -------- d-----w- c:\programdata\Alwil Software
2012-07-24 02:11 . 2012-07-24 02:14 27760 ----a-w- c:\windows\SysWow64\epfwdata.bin
2012-07-24 02:10 . 2012-07-24 02:10 -------- d-----w- c:\users\Sickness5150\AppData\Local\ESET
2012-07-24 01:48 . 2012-07-24 01:48 -------- d-----w- c:\program files\ESET
2012-07-24 00:48 . 2012-07-24 00:48 -------- d-----w- c:\programdata\Webroot
2012-07-23 23:48 . 2012-07-23 23:48 -------- d-----w- c:\program files (x86)\MSSOAP
2012-07-23 23:48 . 2012-07-23 23:48 17264 ----a-w- c:\windows\system32\SsiEfr.exe
2012-07-23 23:32 . 2012-07-24 00:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-23 23:32 . 2012-07-24 00:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-20 23:37 . 2012-07-25 03:58 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-07-20 23:37 . 2012-07-20 23:37 -------- d-----w- c:\programdata\Simply Super Software
2012-07-19 03:49 . 2012-07-19 03:49 328704 ----a-w- c:\windows\system32\services.exe.46DA573FA569C3D0
2012-07-19 03:39 . 2012-07-19 03:39 328704 ----a-w- c:\windows\system32\services.exe.517AF7A202A9B1D2
2012-07-19 03:35 . 2012-07-19 03:35 328704 ----a-w- c:\windows\system32\services.exe.FEE330994FFFB9D3
2012-07-19 03:18 . 2012-07-19 03:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-18 03:52 . 2012-07-18 03:52 -------- d-----w- c:\program files\VstPlugins
2012-07-17 01:02 . 2012-07-17 01:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 00:58 . 2006-04-07 02:41 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-07-12 04:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:41 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 03:41 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 03:41 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-12 03:41 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-12 03:41 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-12 03:41 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-12 03:40 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-12 03:40 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 03:40 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 03:40 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 03:40 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 03:40 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 03:40 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-12 03:40 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-12 03:40 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-12 03:40 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 03:47 . 2012-05-17 04:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:47 . 2012-05-17 04:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 10:19 . 2012-05-23 23:01 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-14 02:51 . 2012-06-14 02:51 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-14 02:51 . 2012-06-14 02:51 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-18 21:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 21:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 21:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 21:55 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 21:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-18 21:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 21:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 21:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-18 21:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 00:29 . 2012-05-25 00:29 2892 ----a-w- c:\windows\SysWow64\audcon.sys
2012-05-21 22:05 . 2012-05-21 22:05 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-05-20 23:47 . 2012-05-20 23:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-05-20 18:29 . 2012-05-20 18:29 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-20 16:52 . 2010-06-24 16:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-17 06:21 . 2012-05-17 06:21 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-05-17 06:21 . 2012-05-17 06:21 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-05-17 06:21 . 2012-05-17 06:21 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-05-17 06:21 . 2012-05-17 06:21 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-05-17 06:21 . 2012-05-17 06:21 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-05-17 06:21 . 2012-05-17 06:21 491520 ----a-w- c:\windows\system32\mssph.dll
2012-05-17 06:21 . 2012-05-17 06:21 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-05-17 06:21 . 2012-05-17 06:21 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-05-17 06:21 . 2012-05-17 06:21 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-17 06:21 . 2012-05-17 06:21 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-17 06:21 . 2012-05-17 06:21 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-05-17 06:21 . 2012-05-17 06:21 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-05-17 06:21 . 2012-05-17 06:21 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-05-17 06:21 . 2012-05-17 06:21 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-05-17 06:21 . 2012-05-17 06:21 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-05-17 06:21 . 2012-05-17 06:21 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-05-17 06:21 . 2012-05-17 06:21 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-05-17 06:21 . 2012-05-17 06:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-05-17 06:21 . 2012-05-17 06:21 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-05-17 06:21 . 2012-05-17 06:21 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-17 06:21 . 2012-05-17 06:21 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-05-17 06:21 . 2012-05-17 06:21 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-17 06:21 . 2012-05-17 06:21 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-05-17 06:21 . 2012-05-17 06:21 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-17 06:21 . 2012-05-17 06:21 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-17 06:21 . 2012-05-17 06:21 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-17 06:21 . 2012-05-17 06:21 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-17 06:21 . 2012-05-17 06:21 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-17 06:21 . 2012-05-17 06:21 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-05-17 06:21 . 2012-05-17 06:21 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-17 06:21 . 2012-05-17 06:21 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-05-17 06:21 . 2012-05-17 06:21 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-05-17 06:21 . 2012-05-17 06:21 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-17 06:21 . 2012-05-17 06:21 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-17 06:21 . 2012-05-17 06:21 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-17 06:21 . 2012-05-17 06:21 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-17 06:21 . 2012-05-17 06:21 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-17 06:21 . 2012-05-17 06:21 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-05-17 06:21 . 2012-05-17 06:21 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-17 06:21 . 2012-05-17 06:21 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-05-17 06:21 . 2012-05-17 06:21 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-17 06:21 . 2012-05-17 06:21 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-05-17 06:21 . 2012-05-17 06:21 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-05-17 06:21 . 2012-05-17 06:21 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-05-17 06:21 . 2012-05-17 06:21 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-05-17 06:21 . 2012-05-17 06:21 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-17 06:21 . 2012-05-17 06:21 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-05-17 06:21 . 2012-05-17 06:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-05-17 06:21 . 2012-05-17 06:21 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-05-17 06:21 . 2012-05-17 06:21 2871808 ----a-w- c:\windows\explorer.exe
2012-05-17 06:21 . 2012-05-17 06:21 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-05-17 06:21 . 2012-05-17 06:21 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-05-17 06:21 . 2012-05-17 06:21 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-17 06:21 . 2012-05-17 06:21 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-17 06:21 . 2012-05-17 06:21 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-05-17 06:21 . 2012-05-17 06:21 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-17 06:21 . 2012-05-17 06:21 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-05-17 06:21 . 2012-05-17 06:21 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-05-17 06:21 . 2012-05-17 06:21 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-17 06:21 . 2012-05-17 06:21 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-05-17 06:21 . 2012-05-17 06:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-05-17 06:21 . 2012-05-17 06:21 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-05-17 06:21 . 2012-05-17 06:21 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-05-17 06:21 . 2012-05-17 06:21 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-17 06:21 . 2012-05-17 06:21 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-05-17 06:21 . 2012-05-17 06:21 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-17 06:21 . 2012-05-17 06:21 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-05-17 06:21 . 2012-05-17 06:21 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-05-17 06:21 . 2012-05-17 06:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\AxInstSV ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-04_23.51.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-28 01:20 . 2012-08-05 00:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-28 01:20 . 2012-08-04 23:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-05 00:02 56340 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-05 00:02 40270 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-20 16:59 . 2012-08-05 00:02 10712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-727242494-1739597175-2475294030-1001_UserData.bin
- 2012-05-20 16:59 . 2012-08-04 23:38 10712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-727242494-1739597175-2475294030-1001_UserData.bin
- 2012-08-04 23:36 . 2012-08-04 23:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 03:17 . 2012-08-05 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 03:17 . 2012-08-05 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 23:36 . 2012-08-04 23:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-05 00:03 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-04 23:38 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-08-05 00:05 660068 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-04 23:41 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-05 00:05 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-04 23:41 120996 c:\windows\system32\perfc009.dat
- 2012-05-17 05:00 . 2012-08-01 03:07 617528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-05-17 05:00 . 2012-08-05 03:17 617528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-08-05 03:17 228692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-01 03:07 228692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-04 23:38 4603904 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-05 00:03 4603904 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-20 22:48 . 2012-08-05 03:17 6965224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-727242494-1739597175-2475294030-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2012-03-19 1020416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-25 1233856]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 efpnfd;efpnfd;c:\windows\system32\drivers\kkkbxtaw.sys [x]
R0 lfwsbi;lfwsbi;c:\windows\system32\drivers\udczvw.sys [x]
R0 nbbod;nbbod;c:\windows\system32\drivers\npaiii.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [2011-05-04 29752]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 37488]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-20 283200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-12-30 106144]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-10 974944]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-01-21 128280]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-30 158880]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2011-12-27 76960]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-30 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-18 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-30 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-30 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-30 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-30 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-30 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-30 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-30 548000]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-11 60184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 03:47]
.
2012-07-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-08-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-05 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-24 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-08-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-10 4030008]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-30 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-30 800416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\00\14\12\03\10?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-04 20:21:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 03:21
ComboFix2.txt 2012-08-04 23:53
ComboFix3.txt 2012-07-26 00:15
.
Pre-Run: 809,419,026,432 bytes free
Post-Run: 809,284,837,376 bytes free
.
- - End Of File - - 44E20586411605E1F213BB8A9A1F0536
Upload was successful

Attached Files

  • Attached File  mbr.zip   2.2KB   1 downloads


#9 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 06 August 2012 - 10:07 AM

r8der,

I'd like to see a new FRST log. Please delete the FRST.exe file on your USB flashdrive, along with FRST.txt


Please download a NEW Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

- OR -

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#10 r8der

  • Topic Starter
  • Members
  • 39 posts

Posted 06 August 2012 - 02:56 PM

New frst log as you requested


Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 06-08-2012 12:53:19
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4030008 2011-08-09] (ESET)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [800416 2011-12-29] (Atheros Commnucations)
HKLM-x32\...\Run: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-16] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1233856 2012-07-24] (Simply Super Software)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Sickness5150\...\Run: [Remote Mouse] "C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe" [1020416 2012-03-19] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-06-19] (Dell Products, LP.)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [974944 2011-08-09] (ESET)
2 Intel® Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [627936 2012-01-10] (Intel® Corporation)
2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [363800 2012-01-21] (Intel Corporation)
2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)
2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros)

========================== Drivers (Whitelisted) =============

3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-12-29] (Atheros)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [338592 2011-12-29] (Atheros)
3 btath_avdt; C:\Windows\System32\Drivers\btath_avdt.sys [110752 2011-12-29] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [30368 2011-12-29] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [167584 2011-12-29] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [68256 2011-12-29] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [280992 2011-12-29] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [548000 2011-12-29] (Atheros)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2011-08-04] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2011-08-04] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2011-08-04] (ESET)
0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-26] (Intel Corporation)
3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356120 2012-01-26] (Intel Corporation)
3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [787736 2012-01-26] (Intel Corporation)
1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [29752 2011-05-04] (Resplendence Software Projects Sp.)
0 ssfs0bbc; C:\Windows\System32\Drivers\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
0 efpnfd; C:\Windows\System32\drivers\kkkbxtaw.sys [x]
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [x]
0 lfwsbi; C:\Windows\System32\drivers\udczvw.sys [x]
0 nbbod; C:\Windows\System32\drivers\npaiii.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 11:39 - 2012-08-06 11:39 - 01439659 ____A (Farbar) C:\Users\Sickness5150\Downloads\FRST64.exe
2012-08-05 11:36 - 2012-08-05 11:36 - 00000000 ____D C:\Users\Sickness5150\Desktop\burncdcc
2012-08-05 11:00 - 2012-08-05 11:35 - 139005952 ____A C:\Users\Sickness5150\Desktop\lupu-528.005.iso
2012-08-04 19:21 - 2012-08-04 19:22 - 00039091 ____A C:\ComboFix.txt
2012-07-30 16:36 - 2012-07-30 16:36 - 00000000 ____D C:\Windows\pss
2012-07-30 16:29 - 2012-08-04 19:17 - 00001474 ____A C:\Windows\PFRO.log
2012-07-30 16:28 - 2012-07-30 16:28 - 00000161 ____A C:\Windows\clnqhosts.txt
2012-07-30 16:28 - 2012-07-30 16:28 - 00000000 ____D C:\BrownSW
2012-07-30 16:28 - 2003-10-03 10:55 - 00000734 ____A C:\Windows\System32\Drivers\etc\hosts.{00}.SAV
2012-07-30 15:25 - 2012-07-30 15:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-30 15:22 - 2012-07-30 15:22 - 00000000 ___HD C:\Windows\AxInstSV
2012-07-30 15:22 - 2012-07-30 15:22 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-30 15:20 - 2012-07-30 15:20 - 00000168 ____A C:\Users\Sickness5150\defogger_reenable
2012-07-30 14:05 - 2012-08-06 11:39 - 00168950 ____A C:\Windows\WindowsUpdate.log
2012-07-30 14:03 - 2012-08-06 11:51 - 00001960 ____A C:\Windows\setupact.log
2012-07-30 14:03 - 2012-07-30 14:03 - 00000000 ____A C:\Windows\setuperr.log
2012-07-30 13:54 - 2012-07-30 13:54 - 00000000 ____D C:\Program Files\CCleaner
2012-07-30 13:24 - 2012-07-30 13:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-30 13:24 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-29 20:34 - 2012-07-29 20:34 - 00000000 ____D C:\FRST
2012-07-29 20:02 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\Adobe
2012-07-29 20:02 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Adobe
2012-07-29 20:02 - 2012-07-29 20:02 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\Adobe
2012-07-29 19:47 - 2012-07-29 19:47 - 00000000 ____D C:\Users\All Users\Sophos
2012-07-29 19:47 - 2012-07-29 19:47 - 00000000 ____D C:\Users\All Users\Application Data\Sophos
2012-07-29 19:09 - 2012-07-30 13:17 - 00000395 ____A C:\rkill.log
2012-07-28 00:13 - 2012-07-29 15:34 - 00000000 ____D C:\Users\All Users\PLAV
2012-07-28 00:13 - 2012-07-29 15:34 - 00000000 ____D C:\Users\All Users\Application Data\PLAV
2012-07-28 00:12 - 2012-07-28 00:12 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-07-28 00:12 - 2012-07-28 00:12 - 00000000 ____D C:\Users\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2012-07-27 20:15 - 2012-07-27 20:15 - 00001147 ____A C:\temp52.bat
2012-07-27 20:15 - 2012-07-27 20:15 - 00000815 ____A C:\temp188.bat
2012-07-27 20:13 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-07-27 20:07 - 2012-07-27 20:15 - 00000042 ____A C:\repairs_running.dat
2012-07-27 19:15 - 2012-07-29 18:51 - 00000000 ____D C:\Users\All Users\Atheros
2012-07-27 19:15 - 2012-07-29 18:51 - 00000000 ____D C:\Users\All Users\Application Data\Atheros
2012-07-27 19:11 - 2012-07-27 19:11 - 00000000 ____D C:\Users\Sickness5150\Application Data\Atheros
2012-07-27 19:11 - 2012-07-27 19:11 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Atheros
2012-07-27 16:57 - 2012-07-27 16:57 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-27 16:57 - 2012-07-27 16:57 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\Sickness5150\Application Data\TestApp
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\TestApp
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-27 16:10 - 2012-07-27 16:10 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\Sickness5150\Application Data\Malwarebytes
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Malwarebytes
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-27 16:03 - 2012-07-27 16:03 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-27 15:37 - 2012-07-27 15:37 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-07-27 14:54 - 2012-07-27 14:54 - 00000000 ____D C:\Users\Sickness5150\Application Data\Safer Networking
2012-07-27 14:54 - 2012-07-27 14:54 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Safer Networking
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\AppData\Local\Temp24.html
2012-07-27 14:42 - 2012-07-27 14:43 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Temp1.html
2012-07-27 14:42 - 2012-07-27 14:43 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp1.html
2012-07-27 14:42 - 2012-07-27 14:43 - 00001293 ____A C:\Users\Sickness5150\AppData\Local\Temp1.html
2012-07-27 14:41 - 2011-05-04 10:36 - 00029752 ____A (Resplendence Software Projects Sp.) C:\Windows\System32\Drivers\rspSanity64.sys
2012-07-27 14:35 - 2012-07-29 19:44 - 00000000 ____D C:\Users\Sickness5150\Pavark
2012-07-27 14:21 - 2012-07-27 14:21 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-07-27 12:45 - 2012-07-27 12:45 - 00000000 ____D C:\Users\Sickness5150\Downloads\Baby Einstein -Baby Mozart_BY LUISAH_
2012-07-27 12:45 - 2012-07-27 12:45 - 00000000 ____D C:\Users\Sickness5150\Downloads\Baby Einstein - Lullaby Classics_BY LUISAH_
2012-07-27 12:42 - 2012-07-27 12:44 - 00000000 ____D C:\Users\Sickness5150\Downloads\Baby.Einstein[Baby Mozart]DVDRip[Eng]Xvid-10vol
2012-07-25 22:04 - 2012-07-25 22:04 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-25 22:03 - 2012-07-25 22:03 - 00045161 ____A C:\JavaRa.log
2012-07-25 22:03 - 2012-07-25 22:03 - 00000000 ____D C:\Program Files\Java
2012-07-25 20:27 - 2012-07-25 20:27 - 00061440 ____N C:\Windows\SysWOW64\Drivers\npaiii.sys
2012-07-25 20:27 - 2012-07-25 20:27 - 00000050 ____A C:\Program Files (x86)\cjpzdu.txt
2012-07-25 20:24 - 2012-07-25 20:24 - 00061440 ____N C:\Windows\SysWOW64\Drivers\kkkbxtaw.sys
2012-07-25 20:24 - 2012-07-25 20:24 - 00000050 ____A C:\Windows\jwam.txt
2012-07-25 20:19 - 2012-07-25 20:19 - 00061440 ____N C:\Windows\SysWOW64\Drivers\udczvw.sys
2012-07-25 20:19 - 2012-07-25 20:19 - 00000050 ____A C:\Program Files (x86)\rghiax.txt
2012-07-25 19:43 - 2012-07-30 15:05 - 00000021 _RASH C:\Windows\System32\Drivers\etc\hosts.ORI
2012-07-25 19:41 - 2012-07-25 19:42 - 00000833 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-07-25 18:59 - 2012-07-25 18:59 - 00000000 ____D C:\Users\Sickness5150\Application Data\SUPERAntiSpyware.com
2012-07-25 18:59 - 2012-07-25 18:59 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\SUPERAntiSpyware.com
2012-07-25 16:05 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-25 16:05 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-25 16:05 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-25 16:05 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-25 15:58 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-25 15:58 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-24 21:01 - 2012-07-24 21:01 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-07-24 20:56 - 2012-06-21 22:34 - 00468592 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pskill.exe
2012-07-24 20:56 - 2012-03-22 14:53 - 00232232 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pslist.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00390520 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsInfo.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00381816 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsExec.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00333176 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsGetsid.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00183160 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsLoggedon.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00178040 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\psloglist.exe
2012-07-24 20:56 - 2010-04-27 10:04 - 00169848 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsService.exe
2012-07-24 20:56 - 2007-11-06 08:17 - 00000039 ____A C:\Windows\System32\psversion.txt
2012-07-24 20:56 - 2007-02-10 08:46 - 00064126 ____A C:\Windows\System32\Pstools.chm
2012-07-24 20:56 - 2006-12-04 16:53 - 00207664 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\psshutdown.exe
2012-07-24 20:56 - 2006-12-04 16:53 - 00187184 ____A (Sysinternals) C:\Windows\System32\pssuspend.exe
2012-07-24 20:56 - 2006-12-04 16:53 - 00105264 ____A (Sysinternals) C:\Windows\System32\psfile.exe
2012-07-24 20:56 - 2006-12-04 16:53 - 00105264 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pspasswd.exe
2012-07-24 20:56 - 2006-07-28 08:32 - 00007005 ____A C:\Windows\System32\Eula.txt
2012-07-24 19:58 - 2012-07-24 22:28 - 00000000 ____D C:\Users\Sickness5150\Application Data\Simply Super Software
2012-07-24 19:58 - 2012-07-24 22:28 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\Simply Super Software
2012-07-24 19:58 - 2006-06-19 12:01 - 00069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ztvcabinet.dll
2012-07-24 19:58 - 2006-05-25 14:52 - 00162304 ____A C:\Windows\SysWOW64\ztvunrar36.dll
2012-07-24 19:58 - 2005-08-26 00:50 - 00077312 ____A C:\Windows\SysWOW64\ztvunace26.dll
2012-07-24 19:58 - 2003-02-02 19:06 - 00153088 ____A C:\Windows\SysWOW64\UNRAR3.dll
2012-07-24 19:58 - 2002-03-06 00:00 - 00075264 ____A C:\Windows\SysWOW64\unacev2.dll
2012-07-23 22:36 - 2012-07-23 22:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B163531DD5A9CE67
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\Application Data\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\AppData\Local\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\Application Data\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\AppData\Local\ars.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\Application Data\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\AppData\Local\housecall.guid.cache
2012-07-23 22:14 - 2012-07-25 18:00 - 00000000 ____D C:\Program Files (x86)\stinger
2012-07-23 21:57 - 2012-07-30 13:55 - 00000000 ____D C:\Windows\Minidump
2012-07-23 21:55 - 2012-07-24 19:10 - 00000524 ____A C:\Windows\System32\.crusader
2012-07-23 21:52 - 2012-07-23 21:55 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-23 21:52 - 2012-07-23 21:55 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-07-23 21:27 - 2012-07-23 21:27 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-07-23 21:12 - 2012-07-23 21:12 - 00000000 ____D C:\Users\Sickness5150\Application Data\QuickScan
2012-07-23 21:12 - 2012-07-23 21:12 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\QuickScan
2012-07-23 21:07 - 2012-07-27 19:23 - 00000000 ____D C:\Users\Sickness5150\Application Data\GetRightToGo
2012-07-23 21:07 - 2012-07-27 19:23 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\GetRightToGo
2012-07-23 20:43 - 2012-08-06 11:51 - 00000530 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-07-23 20:43 - 2012-08-05 17:00 - 00000506 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-23 20:43 - 2012-07-23 21:57 - 00000478 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\Application Data\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\Application Data\DriverCure
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\DriverCure
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-23 20:34 - 2012-07-24 19:36 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Deployment
2012-07-23 20:34 - 2012-07-24 19:36 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\Deployment
2012-07-23 20:34 - 2012-07-24 19:36 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\Deployment
2012-07-23 20:34 - 2012-07-23 20:34 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\Apps\2.0
2012-07-23 20:23 - 2012-07-23 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A2312A40FD809D1
2012-07-23 20:16 - 2012-07-23 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88D6BEFE027D546D
2012-07-23 20:12 - 2012-07-23 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90D5EDF0015B9C2F
2012-07-23 20:04 - 2012-07-23 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.041952EDB02A1C04
2012-07-23 19:43 - 2012-08-04 19:22 - 00000000 ____D C:\Qoobox
2012-07-23 19:43 - 2012-08-04 19:17 - 00000000 ____D C:\Windows\erdnt
2012-07-23 18:43 - 2012-07-24 19:14 - 00000000 ____D C:\Users\Sickness5150\Local Settings\NPE
2012-07-23 18:43 - 2012-07-24 19:14 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\NPE
2012-07-23 18:43 - 2012-07-24 19:14 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\NPE
2012-07-23 18:43 - 2012-07-23 18:43 - 00000000 ____D C:\Users\All Users\Norton
2012-07-23 18:43 - 2012-07-23 18:43 - 00000000 ____D C:\Users\All Users\Application Data\Norton
2012-07-23 18:25 - 2012-07-24 19:23 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-23 18:24 - 2012-07-24 19:23 - 00000000 ____D C:\Users\All Users\Application Data\Alwil Software
2012-07-23 18:24 - 2012-07-24 19:23 - 00000000 ____D C:\Users\All Users\Alwil Software
2012-07-23 18:24 - 2012-07-24 19:23 - 00000000 ____D C:\Program Files\Alwil Software
2012-07-23 18:24 - 2010-06-28 12:57 - 00165032 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-23 18:24 - 2010-06-28 12:57 - 00038848 ____A (ALWIL Software) C:\Windows\avastSS.scr
2012-07-23 18:11 - 2012-07-23 18:14 - 00027760 ____A C:\Windows\SysWOW64\epfwdata.bin
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\Local Settings\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\Local Settings\Application Data\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\Application Data\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\AppData\Roaming\ESET
2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Users\Sickness5150\AppData\Local\ESET
2012-07-23 17:48 - 2012-07-27 15:45 - 00000000 ____D C:\Users\All Users\ESET
2012-07-23 17:48 - 2012-07-27 15:45 - 00000000 ____D C:\Users\All Users\Application Data\ESET
2012-07-23 17:48 - 2012-07-23 17:48 - 00000000 ____D C:\Program Files\ESET
2012-07-23 16:48 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Webroot
2012-07-23 16:48 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Application Data\Webroot
2012-07-23 15:48 - 2012-07-23 15:48 - 00017264 ____A (Webroot Software, Inc. (www.webroot.com)) C:\Windows\System32\SsiEfr.exe
2012-07-23 15:48 - 2012-07-23 15:48 - 00000000 ____D C:\Program Files (x86)\MSSOAP
2012-07-23 15:44 - 2012-07-21 12:22 - 00000975 ____A C:\Windows\System32\Drivers\etc\hosts.20120723-164421.backup
2012-07-23 15:32 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-23 15:32 - 2012-07-23 16:48 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-07-23 15:32 - 2012-07-23 16:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-20 15:39 - 2011-12-22 15:11 - 00000833 ____A C:\Windows\System32\Drivers\etc\hosts.trb
2012-07-20 15:37 - 2012-07-24 19:58 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\Sickness5150\My Documents\Simply Super Software
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\Sickness5150\Documents\Simply Super Software
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-07-20 15:37 - 2012-07-20 15:37 - 00000000 ____D C:\Users\All Users\Application Data\Simply Super Software
2012-07-18 19:49 - 2012-07-18 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46DA573FA569C3D0
2012-07-18 19:39 - 2012-07-18 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.517AF7A202A9B1D2
2012-07-18 19:35 - 2012-07-18 19:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FEE330994FFFB9D3
2012-07-18 19:32 - 2012-07-29 15:32 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-18 19:18 - 2012-07-18 19:18 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-07-17 19:52 - 2012-07-17 19:52 - 00000000 ____D C:\Users\Sickness5150\My Documents\iZotope RX 2 Presets
2012-07-17 19:52 - 2012-07-17 19:52 - 00000000 ____D C:\Users\Sickness5150\Documents\iZotope RX 2 Presets
2012-07-17 19:52 - 2012-07-17 19:52 - 00000000 ____D C:\Program Files\VstPlugins
2012-07-16 17:18 - 2012-07-16 17:18 - 53116460 ____A C:\Users\Sickness5150\Downloads\09 Fantasy.wav
2012-07-16 17:02 - 2012-07-16 17:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-16 16:58 - 2006-04-06 18:41 - 00233472 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
2012-07-11 20:07 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 20:05 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 20:05 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 20:05 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 20:05 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 20:05 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 20:05 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 20:05 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 20:05 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 20:05 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 20:05 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 20:05 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 20:05 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 20:05 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 20:05 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 20:05 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 20:05 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 20:05 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 20:05 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 20:05 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 20:05 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 20:05 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 20:05 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 20:05 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 20:05 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 20:05 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 20:05 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 20:05 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 20:05 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 19:41 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 19:41 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 19:41 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 19:41 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 19:41 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 19:41 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 19:40 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 19:40 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 19:40 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 19:40 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 19:40 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 19:40 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 19:40 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 19:40 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 19:40 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 19:40 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 19:40 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 19:39 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 19:39 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

============ 3 Months Modified Files ========================

2012-08-06 11:51 - 2012-07-30 14:03 - 00001960 ____A C:\Windows\setupact.log
2012-08-06 11:51 - 2012-07-23 20:43 - 00000530 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-08-06 11:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 11:48 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-06 11:48 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-06 11:47 - 2012-05-16 20:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-06 11:39 - 2012-08-06 11:39 - 01439659 ____A (Farbar) C:\Users\Sickness5150\Downloads\FRST64.exe
2012-08-06 11:39 - 2012-07-30 14:05 - 00168950 ____A C:\Windows\WindowsUpdate.log
2012-08-06 11:33 - 2012-05-24 15:53 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-05 17:00 - 2012-07-23 20:43 - 00000506 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-08-05 11:49 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-05 11:35 - 2012-08-05 11:00 - 139005952 ____A C:\Users\Sickness5150\Desktop\lupu-528.005.iso
2012-08-04 19:22 - 2012-08-04 19:21 - 00039091 ____A C:\ComboFix.txt
2012-08-04 19:18 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-04 19:17 - 2012-07-30 16:29 - 00001474 ____A C:\Windows\PFRO.log
2012-07-30 16:28 - 2012-07-30 16:28 - 00000161 ____A C:\Windows\clnqhosts.txt
2012-07-30 15:25 - 2012-07-30 15:25 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-30 15:20 - 2012-07-30 15:20 - 00000168 ____A C:\Users\Sickness5150\defogger_reenable
2012-07-30 15:05 - 2012-07-25 19:43 - 00000021 _RASH C:\Windows\System32\Drivers\etc\hosts.ORI
2012-07-30 14:03 - 2012-07-30 14:03 - 00000000 ____A C:\Windows\setuperr.log
2012-07-30 13:17 - 2012-07-29 19:09 - 00000395 ____A C:\rkill.log
2012-07-29 15:32 - 2012-07-18 19:32 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 23:53 - 2011-02-10 08:10 - 00795928 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-27 23:15 - 2009-07-13 18:34 - 00000583 ____A C:\Windows\win.ini
2012-07-27 20:15 - 2012-07-27 20:15 - 00001147 ____A C:\temp52.bat
2012-07-27 20:15 - 2012-07-27 20:15 - 00000815 ____A C:\temp188.bat
2012-07-27 20:15 - 2012-07-27 20:07 - 00000042 ____A C:\repairs_running.dat
2012-07-27 19:13 - 2012-05-16 20:49 - 00001849 ____A C:\Users\Public\Desktop\HotSpot.lnk
2012-07-27 19:13 - 2012-05-16 20:49 - 00001849 ____A C:\Users\All Users\Desktop\HotSpot.lnk
2012-07-27 19:13 - 2012-05-16 20:49 - 00001826 ____A C:\Users\Public\Desktop\asav.lnk
2012-07-27 19:13 - 2012-05-16 20:49 - 00001826 ____A C:\Users\All Users\Desktop\asav.lnk
2012-07-27 19:11 - 2011-12-29 15:50 - 00246804 ____A C:\Windows\System32\Drivers\AtherosBt.bin
2012-07-27 19:11 - 2011-12-29 15:50 - 00001796 ____A C:\Windows\System32\Drivers\ramps_0x11020000_40.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001242 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40_0x01.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001214 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40_0x03.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001204 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40_0x02.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001204 ____A C:\Windows\System32\Drivers\ramps_0x01020200_40.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001198 ____A C:\Windows\System32\Drivers\ramps_0x01020200_26.dfu
2012-07-27 19:11 - 2011-12-29 15:50 - 00001192 ____A C:\Windows\System32\Drivers\ramps_0x01020200_26_0x01.dfu
2012-07-27 15:37 - 2012-07-27 15:37 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp24.html
2012-07-27 14:44 - 2012-07-27 14:44 - 00008097 ____A C:\Users\Sickness5150\AppData\Local\Temp24.html
2012-07-27 14:43 - 2012-07-27 14:42 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Temp1.html
2012-07-27 14:43 - 2012-07-27 14:42 - 00001293 ____A C:\Users\Sickness5150\Local Settings\Application Data\Temp1.html
2012-07-27 14:43 - 2012-07-27 14:42 - 00001293 ____A C:\Users\Sickness5150\AppData\Local\Temp1.html
2012-07-25 22:04 - 2012-07-25 22:04 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-25 22:04 - 2012-07-25 22:04 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-25 22:04 - 2012-07-25 22:04 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-25 22:03 - 2012-07-25 22:03 - 00045161 ____A C:\JavaRa.log
2012-07-25 20:39 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-25 20:27 - 2012-07-25 20:27 - 00061440 ____N C:\Windows\SysWOW64\Drivers\npaiii.sys
2012-07-25 20:27 - 2012-07-25 20:27 - 00000050 ____A C:\Program Files (x86)\cjpzdu.txt
2012-07-25 20:24 - 2012-07-25 20:24 - 00061440 ____N C:\Windows\SysWOW64\Drivers\kkkbxtaw.sys
2012-07-25 20:24 - 2012-07-25 20:24 - 00000050 ____A C:\Windows\jwam.txt
2012-07-25 20:19 - 2012-07-25 20:19 - 00061440 ____N C:\Windows\SysWOW64\Drivers\udczvw.sys
2012-07-25 20:19 - 2012-07-25 20:19 - 00000050 ____A C:\Program Files (x86)\rghiax.txt
2012-07-25 19:42 - 2012-07-25 19:41 - 00000833 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-07-25 16:11 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.old 2
2012-07-24 20:21 - 2012-05-24 15:53 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-24 19:23 - 2012-07-23 18:25 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-24 19:10 - 2012-07-23 21:55 - 00000524 ____A C:\Windows\System32\.crusader
2012-07-23 22:36 - 2012-07-23 22:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B163531DD5A9CE67
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\Local Settings\Application Data\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00872477 ____A C:\Users\Sickness5150\AppData\Local\census.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\Local Settings\Application Data\ars.cache
2012-07-23 22:35 - 2012-07-23 22:35 - 00114957 ____A C:\Users\Sickness5150\AppData\Local\ars.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\Local Settings\Application Data\housecall.guid.cache
2012-07-23 22:19 - 2012-07-23 22:19 - 00000036 ____A C:\Users\Sickness5150\AppData\Local\housecall.guid.cache
2012-07-23 21:57 - 2012-07-23 20:43 - 00000478 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-23 20:23 - 2012-07-23 20:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A2312A40FD809D1
2012-07-23 20:16 - 2012-07-23 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88D6BEFE027D546D
2012-07-23 20:12 - 2012-07-23 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90D5EDF0015B9C2F
2012-07-23 20:04 - 2012-07-23 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.041952EDB02A1C04
2012-07-23 18:14 - 2012-07-23 18:11 - 00027760 ____A C:\Windows\SysWOW64\epfwdata.bin
2012-07-23 15:48 - 2012-07-23 15:48 - 00017264 ____A (Webroot Software, Inc. (www.webroot.com)) C:\Windows\System32\SsiEfr.exe
2012-07-23 15:44 - 2009-07-13 18:34 - 00443729 ____A C:\Windows\System32\Drivers\etc\hosts.old
2012-07-23 15:37 - 2012-05-26 18:34 - 00000032 ____A C:\Windows\SysWOW64\w3data.vss
2012-07-23 15:37 - 2012-05-26 18:34 - 00000032 ____A C:\Windows\msocreg32.dat
2012-07-22 14:03 - 2012-05-26 20:27 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz
2012-07-22 14:03 - 2012-05-26 20:27 - 00000087 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-07-21 12:22 - 2012-07-23 15:44 - 00000975 ____A C:\Windows\System32\Drivers\etc\hosts.20120723-164421.backup
2012-07-18 19:49 - 2012-07-18 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46DA573FA569C3D0
2012-07-18 19:39 - 2012-07-18 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.517AF7A202A9B1D2
2012-07-18 19:35 - 2012-07-18 19:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FEE330994FFFB9D3
2012-07-17 18:13 - 2012-05-21 14:07 - 00000033 ____A C:\Windows\SysWOW64\deck.ini
2012-07-16 17:18 - 2012-07-16 17:18 - 53116460 ____A C:\Users\Sickness5150\Downloads\09 Fantasy.wav
2012-07-11 22:12 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 19:47 - 2012-05-16 20:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 19:47 - 2012-05-16 20:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-03 12:46 - 2012-07-30 13:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 02:19 - 2012-05-23 15:01 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-02 14:26 - 2012-07-02 12:51 - 00001011 ____A C:\Users\Public\Desktop\Reaktor 5.lnk
2012-07-02 14:26 - 2012-07-02 12:51 - 00001011 ____A C:\Users\All Users\Desktop\Reaktor 5.lnk
2012-07-02 14:25 - 2012-07-02 14:25 - 00001016 ____A C:\Users\Public\Desktop\Kontakt 5.lnk
2012-07-02 14:25 - 2012-07-02 14:25 - 00001016 ____A C:\Users\All Users\Desktop\Kontakt 5.lnk
2012-07-02 14:20 - 2012-07-02 14:20 - 00001016 ____A C:\Users\Public\Desktop\Kontakt 4.lnk
2012-07-02 14:20 - 2012-07-02 14:20 - 00001016 ____A C:\Users\All Users\Desktop\Kontakt 4.lnk
2012-07-02 14:17 - 2012-07-02 14:17 - 00001046 ____A C:\Users\Public\Desktop\Guitar Rig 5.lnk
2012-07-02 14:17 - 2012-07-02 14:17 - 00001046 ____A C:\Users\All Users\Desktop\Guitar Rig 5.lnk
2012-07-02 14:09 - 2012-07-02 14:09 - 00001096 ____A C:\Users\Public\Desktop\Controller Editor.lnk
2012-07-02 14:09 - 2012-07-02 14:09 - 00001096 ____A C:\Users\All Users\Desktop\Controller Editor.lnk
2012-07-02 12:45 - 2012-07-02 12:45 - 00001061 ____A C:\Users\Public\Desktop\Service Center.lnk
2012-07-02 12:45 - 2012-07-02 12:45 - 00001061 ____A C:\Users\All Users\Desktop\Service Center.lnk
2012-07-01 22:48 - 2012-07-01 22:36 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-06-23 16:35 - 2012-06-23 16:35 - 28193646 ____A C:\Users\Sickness5150\My Documents\A La Orilla De Un Palmar.wav
2012-06-23 16:35 - 2012-06-23 16:35 - 28193646 ____A C:\Users\Sickness5150\Documents\A La Orilla De Un Palmar.wav
2012-06-23 16:30 - 2012-06-23 16:30 - 37640378 ____A C:\Users\Sickness5150\My Documents\Cruz Negra.wav
2012-06-23 16:30 - 2012-06-23 16:30 - 37640378 ____A C:\Users\Sickness5150\Documents\Cruz Negra.wav
2012-06-23 16:25 - 2012-06-23 16:25 - 37345246 ____A C:\Users\Sickness5150\My Documents\Prietita Linda.wav
2012-06-23 16:25 - 2012-06-23 16:25 - 37345246 ____A C:\Users\Sickness5150\Documents\Prietita Linda.wav
2012-06-23 16:18 - 2012-06-23 16:18 - 32567178 ____A C:\Users\Sickness5150\My Documents\Dejame Verte Llorando.wav
2012-06-23 16:18 - 2012-06-23 16:18 - 32567178 ____A C:\Users\Sickness5150\Documents\Dejame Verte Llorando.wav
2012-06-23 16:14 - 2012-06-23 16:14 - 28905182 ____A C:\Users\Sickness5150\My Documents\Serenata Sin Luna.wav
2012-06-23 16:14 - 2012-06-23 16:14 - 28905182 ____A C:\Users\Sickness5150\Documents\Serenata Sin Luna.wav
2012-06-23 16:07 - 2012-06-23 16:07 - 19484746 ____A C:\Users\Sickness5150\My Documents\Cuatro Vidas.wav
2012-06-23 16:07 - 2012-06-23 16:07 - 19484746 ____A C:\Users\Sickness5150\Documents\Cuatro Vidas.wav
2012-06-23 16:02 - 2012-06-23 16:02 - 27019062 ____A C:\Users\Sickness5150\My Documents\Palomita Blanca.wav
2012-06-23 16:02 - 2012-06-23 16:02 - 27019062 ____A C:\Users\Sickness5150\Documents\Palomita Blanca.wav
2012-06-23 15:54 - 2012-06-23 15:54 - 30229030 ____A C:\Users\Sickness5150\My Documents\Mexico Lindo Y Querido.wav
2012-06-23 15:54 - 2012-06-23 15:54 - 30229030 ____A C:\Users\Sickness5150\Documents\Mexico Lindo Y Querido.wav
2012-06-23 15:45 - 2012-06-23 15:45 - 37271462 ____A C:\Users\Sickness5150\My Documents\Solo Dios.wav
2012-06-23 15:45 - 2012-06-23 15:45 - 37271462 ____A C:\Users\Sickness5150\Documents\Solo Dios.wav
2012-06-21 22:34 - 2012-07-24 20:56 - 00468592 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\pskill.exe
2012-06-13 18:51 - 2012-06-13 18:51 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-13 18:51 - 2012-06-13 18:51 - 00687600 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-13 18:51 - 2012-06-13 18:51 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-13 18:51 - 2012-06-13 18:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-13 18:51 - 2012-06-13 18:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-11 19:08 - 2012-07-11 20:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 19:40 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 19:40 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 19:41 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 19:41 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 19:39 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 19:41 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 19:41 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 19:39 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 13:55 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 13:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 13:55 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 13:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 13:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 20:05 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 20:05 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 20:05 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 20:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 20:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 20:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 20:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 20:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 20:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 20:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 20:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 20:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 20:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 20:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 20:05 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 20:05 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 20:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 20:05 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 20:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 20:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 20:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 20:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 20:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 20:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 20:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 20:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 20:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 20:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 19:40 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 19:40 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 19:40 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 19:40 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 19:40 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 19:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 19:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 19:40 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.tgz
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.dll
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\clauth2.dll
2012-05-26 20:27 - 2012-05-26 20:27 - 00001025 ____A C:\Windows\SysWOW64\clauth1.dll
2012-05-24 16:42 - 2012-05-24 16:28 - 00000051 ____A C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2012-05-24 16:29 - 2012-05-24 16:29 - 00002892 ____A () C:\Windows\SysWOW64\audcon.sys
2012-05-23 16:26 - 2012-05-23 16:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-21 14:08 - 2012-05-21 14:08 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-21 14:08 - 2012-05-21 14:08 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-05-21 14:05 - 2012-05-21 14:05 - 00000704 ____A C:\Windows\SysWOW64\checkOS.txt
2012-05-21 14:05 - 2012-05-21 14:05 - 00000384 ____A C:\Windows\SysWOW64\checkOS.bat
2012-05-21 14:05 - 2012-05-21 14:05 - 00000000 ____A C:\Windows\SysWOW64\x64.txt
2012-05-21 14:05 - 2012-05-21 14:05 - 00000000 ____A C:\Windows\SysWOW64\version.txt
2012-05-20 15:47 - 2012-05-20 15:47 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-05-20 15:43 - 2012-05-20 15:43 - 00001769 ____A C:\Users\Public\Desktop\GTR 3.lnk
2012-05-20 15:43 - 2012-05-20 15:43 - 00001769 ____A C:\Users\All Users\Desktop\GTR 3.lnk
2012-05-20 15:34 - 2012-05-20 15:34 - 00001140 ____A C:\Users\Sickness5150\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-05-20 10:29 - 2012-05-20 10:29 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-20 10:03 - 2012-05-20 10:03 - 00001850 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-05-20 10:03 - 2012-05-20 10:03 - 00001850 ____A C:\Users\All Users\Desktop\Vuze.lnk
2012-05-20 08:52 - 2012-05-20 08:52 - 00057560 ____A C:\Users\Sickness5150\Local Settings\GDIPFONTCACHEV1.DAT
2012-05-20 08:52 - 2012-05-20 08:52 - 00057560 ____A C:\Users\Sickness5150\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-05-20 08:52 - 2012-05-20 08:52 - 00057560 ____A C:\Users\Sickness5150\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-20 08:52 - 2012-05-20 08:52 - 00000000 ____A C:\Users\Sickness5150\agent.log
2012-05-20 08:51 - 2012-05-20 08:51 - 00000020 ___SH C:\Users\Sickness5150\ntuser.ini
2012-05-16 22:27 - 2012-05-16 22:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-16 22:27 - 2012-05-16 22:27 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-05-16 22:24 - 2012-05-16 22:24 - 00029684 ___RA C:\dell.sdr
2012-05-16 22:24 - 2012-05-16 22:24 - 00000012 ____A C:\Windows\csup.txt
2012-05-16 22:21 - 2012-05-16 22:21 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-05-16 22:21 - 2012-05-16 22:21 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-05-16 22:21 - 2012-05-16 22:21 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-05-16 22:21 - 2012-05-16 22:21 - 00800256 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

ZeroAccess:
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\L
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8155.28 MB
Available physical RAM: 7329.97 MB
Total Pagefile: 8153.48 MB
Available Pagefile: 7320.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:753.09 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive i: (WDO_MEDIA64) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Last Boot: 2012-07-30 17:24

======================= End Of Log ==========================

#11 jntkwx

Posted 06 August 2012 - 06:26 PM

r8der,

Step 1: Rerun FRST

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys
0 efpnfd; C:\Windows\System32\drivers\kkkbxtaw.sys
0 lfwsbi; C:\Windows\System32\drivers\udczvw.sys
0 nbbod; C:\Windows\System32\drivers\npaiii.sys
C:\Windows\SysWOW64\Drivers\kkkbxtaw.sys
C:\Windows\SysWOW64\Drivers\udczvw.sys
C:\Windows\system32\drivers\efavdrv.sys
C:\Windows\System32\drivers\npaiii.sys
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\L
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\U

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please enter System Recovery Options, as we did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Step 2: FSS

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


In your next reply, please include:
  • Fixlog.txt
  • FSS log
  • How's your computer running now? Are you able to access the Internet successfully?

Edited by jntkwx, 06 August 2012 - 06:27 PM.

Regards,
Jason

 



#12 r8der

Posted 06 August 2012 - 07:46 PM

Ran both programs but still cannot access the internet :/

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-06 17:42:13 Run:1
Running from I:\

==============================================

efavdrv service deleted successfully.
efpnfd service deleted successfully.
lfwsbi service deleted successfully.
nbbod service deleted successfully.
C:\Windows\SysWOW64\Drivers\kkkbxtaw.sys moved successfully.
C:\Windows\SysWOW64\Drivers\udczvw.sys moved successfully.
C:\Windows\system32\drivers\efavdrv.sys not found.
C:\Windows\System32\drivers\npaiii.sys not found.
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f} moved successfully.
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\L not found.
C:\Windows\Installer\{639f942b-ed58-6584-d63f-f1c93a10823f}\U not found.

==== End of Fixlog ====



Farbar Service Scanner Version: 06-08-2012
Ran by Sickness5150 (administrator) on 06-08-2012 at 17:44:41
Running from "C:\Users\Sickness5150\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 jntkwx

Posted 06 August 2012 - 08:15 PM

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

ipsec.sys

Click the Search Files button and post the log (FSS.txt) it makes in your reply.
Regards,
Jason

 



#14 r8der

Posted 06 August 2012 - 10:35 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Sickness5150 (administrator) on 06-08-2012 at 20:32:23
Microsoft Windows 7 Home Premium Service Pack 1 (X64)

************************************************
======== Search: "ipsec.sys" =========

====== End Of Search ======

#15 jntkwx

Posted 07 August 2012 - 07:30 AM

r8der,

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
Regards,
Jason

 





