
Infected with 63.209.69.107 SCOUR redirect


  • This topic is locked
18 replies to this topic

#1 geeknurse


Posted 04 August 2012 - 01:31 AM

Firefox intermittently redirects Google searches to Scour. MSE won't run as well. Tried numerous fixes, scanners, etc.

Here is the DDS.txt

Thanks in advance for any help!!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by FAMILY at 2:22:29 on 2012-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.1716 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\FAMILY\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\FAMILY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\FAMILY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Spotify] "C:\Users\FAMILY\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\FAMILY\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WHOISO~1.LNK - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5788B863-B221-42C0-AE70-56C3A249BC6D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5788B863-B221-42C0-AE70-56C3A249BC6D}\A433A47534 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\ccj0u7z7.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\FAMILY\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\ccj0u7z7.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\ccj0u7z7.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\ccj0u7z7.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\FAMILY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\FAMILY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
.
=============== Created Last 30 ================
.
2012-08-03 16:57:44 -------- d-----w- C:\ProgramData\vsosdk
2012-08-03 15:06:52 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll
2012-08-03 15:06:52 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
2012-08-03 15:06:52 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll
2012-08-03 15:06:52 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll
2012-08-03 15:06:52 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll
2012-08-03 15:06:52 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2012-08-03 15:06:52 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll
2012-08-03 15:06:48 -------- d-----w- C:\Program Files (x86)\VSO
2012-08-02 06:42:09 -------- d-----w- C:\Program Files (x86)\IO3O LLC
2012-08-02 04:42:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 02:36:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-31 02:06:42 20480 ----a-w- C:\Windows\svchost.exe
2012-07-30 20:12:07 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1B976F0-4369-412D-9A6B-D3E417D4D5E7}\mpengine.dll
2012-07-26 04:52:17 -------- d-----w- C:\Users\FAMILY\AppData\Local\ApplicationHistory
2012-07-26 04:50:36 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-07-26 04:49:25 -------- d-----w- C:\Users\FAMILY\AppData\Local\Turbine
2012-07-26 04:47:45 -------- d-----w- C:\ProgramData\HappyCloud
2012-07-26 01:47:17 -------- d-----w- C:\Program Files (x86)\Activision
2012-07-25 04:17:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2012-07-24 13:04:29 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 23:02:38 -------- d-----w- C:\PERRLA
2012-07-20 04:13:53 -------- d-----w- C:\Users\FAMILY\.amokexifsorter
2012-07-20 04:13:34 -------- d-----w- C:\Program Files (x86)\AmoK Exif Sorter
2012-07-19 19:42:13 -------- d-----w- C:\Program Files (x86)\Raven
2012-07-19 19:31:43 306688 ----a-w- C:\Windows\IsUninst.exe
2012-07-19 19:10:52 -------- d-----w- C:\Users\FAMILY\AppData\Local\Spotify
2012-07-19 19:10:43 -------- d-----w- C:\Users\FAMILY\AppData\Roaming\Spotify
2012-07-19 17:19:06 -------- d-----w- C:\Users\FAMILY\AppData\Roaming\iFunbox_UserCache
2012-07-19 17:19:00 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
2012-07-19 08:44:16 -------- d-----w- C:\Users\FAMILY\AppData\Roaming\Malwarebytes
2012-07-19 08:44:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-19 08:44:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-19 08:44:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 08:17:45 -------- d-----w- C:\ProgramData\7531CCA9027AD54AC8DD8DBAF875F002
2012-07-19 08:17:26 -------- d-----w- C:\Users\FAMILY\AppData\Local\{2806971A-D17A-11E1-8270-B8AC6F996F26}
2012-07-19 08:17:26 -------- d-----w- C:\Users\FAMILY\AppData\Local\{280665F1-D17A-11E1-8270-B8AC6F996F26}
2012-07-19 08:16:20 311296 ----a-w- C:\Users\FAMILY\AppData\Local\kvgcdkhl.exe
2012-07-18 06:57:29 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
2012-07-18 06:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2012-07-18 05:47:51 -------- d-----w- C:\Users\FAMILY\AppData\Roaming\HandBrake
2012-07-12 21:48:41 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 19:42:07 -------- d-----w- C:\Users\FAMILY\AppData\Local\FANiSO
2012-07-11 15:40:36 -------- d-----w- C:\Users\FAMILY\AppData\Local\Diagnostics
2012-07-11 01:22:22 -------- d-----w- C:\Users\FAMILY\AppData\Roaming\Sling Media
.
==================== Find3M ====================
.
2012-08-03 06:41:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 06:41:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 02:25:48 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 02:25:47 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-12 02:25:47 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-17 19:52:06 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-17 19:52:05 80768 ----a-w- C:\Windows\System32\LMIinit.dll.000.bak
.
============= FINISH: 2:27:02.16 ===============



#2 gringo_pr

  • Malware Response Team

Posted 06 August 2012 - 03:04 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 geeknurse


Posted 06 August 2012 - 03:38 PM

Everything seems to be working well.
No more redirects.
I uninstalled and reinstalled MSE after I ran ComboFix.


Here are the log files as per your request.

Thanks!
Paul

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Acronis OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

ComboFix 12-08-05.02 - FAMILY 08/06/2012 14:46:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2430 [GMT -4:00]
Running from: c:\users\FAMILY\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FAMILY\AppData\Local\kvgcdkhl.exe
c:\users\FAMILY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\FAMILY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\FAMILY\AppData\Roaming\vso_ts_preview.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\@
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L\00000004.@
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L\201d3dde
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\n
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000004.@
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000008.@
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\000000cb.@
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\80000000.@
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\80000032.@
c:\windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\80000064.@
c:\windows\msvcr71.dll
c:\windows\svchost.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 18:53 . 2012-08-06 18:53 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-08-06 18:53 . 2012-08-06 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 01:02 . 2012-08-06 01:02 -------- d-----w- c:\users\FAMILY\AppData\Local\TechSmith
2012-08-06 01:01 . 2012-08-06 01:01 -------- d-----w- c:\users\FAMILY\AppData\Roaming\TechSmith
2012-08-06 01:00 . 2012-08-06 01:00 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-06 01:00 . 2012-08-06 01:00 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-08-06 01:00 . 2012-08-06 01:00 -------- d-----w- c:\programdata\TechSmith
2012-08-06 00:59 . 2012-08-06 00:59 -------- d-----w- c:\program files (x86)\TechSmith
2012-08-04 21:10 . 2012-08-04 21:15 -------- d-----w- c:\program files (x86)\GetFLV
2012-08-03 16:57 . 2012-08-03 16:57 -------- d-----w- c:\programdata\vsosdk
2012-08-03 15:07 . 2012-08-05 01:15 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Vso
2012-08-03 15:06 . 2009-09-02 17:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-08-03 15:06 . 2009-09-02 17:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-08-03 15:06 . 2009-09-02 17:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-08-03 15:06 . 2009-09-02 17:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-08-03 15:06 . 2009-09-02 17:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-08-03 15:06 . 2009-09-02 17:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-08-03 15:06 . 2009-09-02 17:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-08-03 15:06 . 2012-08-03 15:06 -------- d-----w- c:\program files (x86)\VSO
2012-08-02 06:58 . 2012-08-02 06:59 -------- d-----w- c:\users\Paul
2012-08-02 06:42 . 2012-08-02 06:42 -------- d-----w- c:\program files (x86)\IO3O LLC
2012-08-02 04:42 . 2012-08-02 04:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 02:36 . 2012-07-31 02:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-30 20:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1B976F0-4369-412D-9A6B-D3E417D4D5E7}\mpengine.dll
2012-07-27 00:24 . 2012-07-27 00:24 -------- d-----w- c:\users\FAMILY\AppData\Roaming\ImgBurn
2012-07-27 00:13 . 2012-07-27 00:13 -------- d-----w- c:\program files (x86)\ImgBurn
2012-07-26 04:52 . 2012-07-26 15:32 -------- d-----w- c:\users\FAMILY\AppData\Local\ApplicationHistory
2012-07-26 04:49 . 2012-07-26 15:24 -------- d-----w- c:\users\FAMILY\AppData\Local\Turbine
2012-07-26 04:47 . 2012-07-26 15:32 -------- d-----w- c:\programdata\HappyCloud
2012-07-26 01:47 . 2012-07-26 01:47 -------- d-----w- c:\program files (x86)\Activision
2012-07-25 04:17 . 2007-04-04 22:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2012-07-25 04:14 . 2012-07-25 04:14 -------- d-----w- c:\users\Public\Games
2012-07-24 13:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 23:02 . 2012-08-06 03:04 -------- d-----w- C:\PERRLA
2012-07-20 04:13 . 2012-07-20 04:13 -------- d-----w- c:\users\FAMILY\.amokexifsorter
2012-07-20 04:13 . 2012-07-20 04:13 -------- d-----w- c:\program files (x86)\AmoK Exif Sorter
2012-07-19 23:49 . 2012-07-19 23:52 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Download Manager
2012-07-19 23:49 . 2012-07-19 23:49 -------- d-----w- c:\windows\Sun
2012-07-19 19:42 . 2012-07-19 19:42 -------- d-----w- c:\program files (x86)\Raven
2012-07-19 19:31 . 2001-05-24 19:00 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-19 19:10 . 2012-08-06 18:47 -------- d-----w- c:\users\FAMILY\AppData\Local\Spotify
2012-07-19 19:10 . 2012-08-06 18:46 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Spotify
2012-07-19 17:19 . 2012-07-19 17:19 -------- d-----w- c:\users\FAMILY\AppData\Roaming\iFunbox_UserCache
2012-07-19 17:19 . 2012-07-19 17:19 -------- d-----w- c:\program files (x86)\i-Funbox DevTeam
2012-07-19 08:44 . 2012-07-19 08:44 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Malwarebytes
2012-07-19 08:44 . 2012-07-19 08:44 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 08:44 . 2012-07-19 08:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 08:44 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 08:17 . 2012-07-19 08:47 -------- d-----w- c:\programdata\7531CCA9027AD54AC8DD8DBAF875F002
2012-07-19 08:17 . 2012-07-19 08:17 -------- d-----w- c:\users\FAMILY\AppData\Local\{2806971A-D17A-11E1-8270-B8AC6F996F26}
2012-07-19 08:17 . 2012-07-19 08:17 -------- d-----w- c:\users\FAMILY\AppData\Local\{280665F1-D17A-11E1-8270-B8AC6F996F26}
2012-07-18 06:57 . 2012-07-18 06:57 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-07-18 06:57 . 2012-07-18 07:05 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-07-18 05:47 . 2012-07-18 05:47 -------- d-----w- c:\users\FAMILY\AppData\Roaming\HandBrake
2012-07-12 21:48 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 21:43 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 21:43 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-12 19:42 . 2012-07-12 19:42 -------- d-----w- c:\users\FAMILY\AppData\Local\FANiSO
2012-07-11 15:40 . 2012-07-11 15:40 -------- d-----w- c:\users\FAMILY\AppData\Local\Diagnostics
2012-07-11 01:22 . 2012-07-11 01:22 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Sling Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 06:41 . 2012-04-27 18:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 06:41 . 2012-02-28 23:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 21:45 . 2012-03-31 19:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 02:25 . 2012-01-29 05:27 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 02:25 . 2012-01-29 05:27 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 02:25 . 2012-01-29 05:27 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-02 22:19 . 2012-06-21 05:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 05:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 05:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 05:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 05:28 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 05:28 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 10:40 . 2012-05-18 10:40 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-17 19:52 . 2012-01-29 05:27 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-17 19:52 . 2012-01-29 05:27 80768 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Spotify"="c:\users\FAMILY\AppData\Roaming\Spotify\Spotify.exe" [2012-07-19 7601880]
"Spotify Web Helper"="c:\users\FAMILY\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-19 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"SAOB Monitor"="c:\program files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536440]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-08 5479424]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-18 2319536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-18 549040]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-7 12862]
Who Is On My Wifi.lnk - c:\program files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe [2012-8-2 369152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-01-19 1263200]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-27 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-19 3975088]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-16 277120]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-19 279136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 06:41]
.
2012-08-06 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-27 03:03]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051807519-3263120102-3672729157-1000Core.job
- c:\users\FAMILY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 20:41]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051807519-3263120102-3672729157-1000UA.job
- c:\users\FAMILY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-08 390736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\ccj0u7z7.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d5,cb,55,6b,01,6f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-06 15:02:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 19:02
.
Pre-Run: 44,485,492,736 bytes free
Post-Run: 45,403,271,168 bytes free
.
- - End Of File - - 666A8A414DFB7F3D509D69AE0E1B5566

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 06 August 2012 - 06:27 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 geeknurse

geeknurse
  • Topic Starter

  • Members

Posted 08 August 2012 - 10:30 AM

Looks like I still have the redirect issue.

Here are the logs per your request.

21:03:42.0792 5136 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:03:43.0026 5136 ============================================================
21:03:43.0026 5136 Current date / time: 2012/08/07 21:03:43.0026
21:03:43.0026 5136 SystemInfo:
21:03:43.0026 5136
21:03:43.0026 5136 OS Version: 6.1.7601 ServicePack: 1.0
21:03:43.0026 5136 Product type: Workstation
21:03:43.0026 5136 ComputerName: FAMILY-PC
21:03:43.0026 5136 UserName: FAMILY
21:03:43.0026 5136 Windows directory: C:\Windows
21:03:43.0026 5136 System windows directory: C:\Windows
21:03:43.0026 5136 Running under WOW64
21:03:43.0026 5136 Processor architecture: Intel x64
21:03:43.0026 5136 Number of processors: 4
21:03:43.0026 5136 Page size: 0x1000
21:03:43.0026 5136 Boot type: Normal boot
21:03:43.0026 5136 ============================================================
21:03:43.0931 5136 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:43.0946 5136 ============================================================
21:03:43.0946 5136 \Device\Harddisk0\DR0:
21:03:43.0946 5136 MBR partitions:
21:03:43.0946 5136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
21:03:43.0946 5136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
21:03:43.0946 5136 ============================================================
21:03:43.0978 5136 C: <-> \Device\Harddisk0\DR0\Partition0
21:03:44.0024 5136 D: <-> \Device\Harddisk0\DR0\Partition1
21:03:44.0024 5136 ============================================================
21:03:44.0024 5136 Initialize success
21:03:44.0024 5136 ============================================================
21:03:46.0208 6428 ============================================================
21:03:46.0208 6428 Scan started
21:03:46.0208 6428 Mode: Manual;
21:03:46.0208 6428 ============================================================
21:03:46.0739 6428 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:03:46.0754 6428 1394ohci - ok
21:03:46.0801 6428 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:03:46.0801 6428 ACPI - ok
21:03:46.0817 6428 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:03:46.0817 6428 AcpiPmi - ok
21:03:47.0051 6428 AcrSch2Svc (b745f1f947623adfecde0905180610da) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
21:03:47.0051 6428 AcrSch2Svc - ok
21:03:47.0269 6428 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:03:47.0269 6428 AdobeFlashPlayerUpdateSvc - ok
21:03:47.0488 6428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:03:47.0503 6428 adp94xx - ok
21:03:47.0581 6428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:03:47.0597 6428 adpahci - ok
21:03:47.0628 6428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:03:47.0628 6428 adpu320 - ok
21:03:47.0722 6428 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:03:47.0722 6428 AeLookupSvc - ok
21:03:47.0800 6428 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
21:03:47.0800 6428 AFBAgent - ok
21:03:47.0893 6428 afcdp (3cb8a6bb25eb8b8d5e56123b52df9412) C:\Windows\system32\DRIVERS\afcdp.sys
21:03:47.0909 6428 afcdp - ok
21:03:48.0252 6428 afcdpsrv (e6e182bdaad59cee0339f0474a558015) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
21:03:48.0314 6428 afcdpsrv - ok
21:03:48.0517 6428 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:03:48.0517 6428 AFD - ok
21:03:48.0564 6428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:03:48.0564 6428 agp440 - ok
21:03:48.0611 6428 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:03:48.0611 6428 ALG - ok
21:03:48.0642 6428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:03:48.0642 6428 aliide - ok
21:03:48.0658 6428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:03:48.0673 6428 amdide - ok
21:03:48.0689 6428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:03:48.0689 6428 AmdK8 - ok
21:03:48.0704 6428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:03:48.0704 6428 AmdPPM - ok
21:03:48.0720 6428 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:03:48.0720 6428 amdsata - ok
21:04:08.0033 6428 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:04:08.0048 6428 RasMan - ok
21:04:08.0080 6428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:08.0095 6428 RasPppoe - ok
21:04:08.0142 6428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:04:08.0142 6428 RasSstp - ok
21:04:08.0173 6428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:04:08.0173 6428 rdbss - ok
21:04:08.0173 6428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:04:08.0189 6428 rdpbus - ok
21:04:08.0204 6428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:08.0204 6428 RDPCDD - ok
21:04:08.0220 6428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:04:08.0220 6428 RDPENCDD - ok
21:04:08.0236 6428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:04:08.0236 6428 RDPREFMP - ok
21:04:08.0282 6428 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:04:08.0298 6428 RDPWD - ok
21:04:08.0329 6428 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:04:08.0329 6428 rdyboost - ok
21:04:08.0392 6428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:04:08.0407 6428 RemoteAccess - ok
21:04:08.0470 6428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:04:08.0485 6428 RemoteRegistry - ok
21:04:08.0532 6428 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:04:08.0532 6428 RFCOMM - ok
21:04:08.0563 6428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:04:08.0563 6428 RpcEptMapper - ok
21:04:08.0610 6428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:04:08.0610 6428 RpcLocator - ok
21:04:08.0672 6428 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:04:08.0672 6428 RpcSs - ok
21:04:08.0719 6428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:04:08.0735 6428 rspndr - ok
21:04:08.0750 6428 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:04:08.0766 6428 SamSs - ok
21:04:08.0782 6428 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:04:08.0782 6428 sbp2port - ok
21:04:08.0813 6428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:04:08.0828 6428 SCardSvr - ok
21:04:08.0891 6428 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:04:08.0891 6428 scfilter - ok
21:04:09.0000 6428 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:04:09.0031 6428 Schedule - ok
21:04:09.0078 6428 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:04:09.0078 6428 SCPolicySvc - ok
21:04:09.0109 6428 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:04:09.0109 6428 SDRSVC - ok
21:04:09.0187 6428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:04:09.0187 6428 secdrv - ok
21:04:09.0203 6428 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:04:09.0218 6428 seclogon - ok
21:04:09.0234 6428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:04:09.0234 6428 SENS - ok
21:04:09.0250 6428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:04:09.0250 6428 SensrSvc - ok
21:04:09.0265 6428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:04:09.0281 6428 Serenum - ok
21:04:09.0296 6428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:04:09.0296 6428 Serial - ok
21:04:09.0312 6428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:04:09.0312 6428 sermouse - ok
21:04:09.0359 6428 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:04:09.0359 6428 SessionEnv - ok
21:04:09.0406 6428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:04:09.0406 6428 sffdisk - ok
21:04:09.0406 6428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:04:09.0406 6428 sffp_mmc - ok
21:04:09.0421 6428 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:04:09.0421 6428 sffp_sd - ok
21:04:09.0421 6428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:04:09.0421 6428 sfloppy - ok
21:04:09.0749 6428 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:04:09.0764 6428 SharedAccess - ok
21:04:09.0874 6428 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:04:09.0889 6428 ShellHWDetection - ok
21:04:10.0014 6428 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
21:04:10.0045 6428 SiSGbeLH - ok
21:04:10.0061 6428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:04:10.0061 6428 SiSRaid2 - ok
21:04:10.0092 6428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:04:10.0092 6428 SiSRaid4 - ok
21:04:10.0108 6428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:04:10.0108 6428 Smb - ok
21:04:10.0186 6428 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
21:04:10.0217 6428 snapman - ok
21:04:10.0279 6428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:04:10.0279 6428 SNMPTRAP - ok
21:04:10.0310 6428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:04:10.0310 6428 spldr - ok
21:04:10.0357 6428 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:04:10.0373 6428 Spooler - ok
21:04:10.0669 6428 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:04:10.0778 6428 sppsvc - ok
21:04:10.0903 6428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:04:10.0903 6428 sppuinotify - ok
21:04:10.0966 6428 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:04:10.0981 6428 srv - ok
21:04:11.0012 6428 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:04:11.0012 6428 srv2 - ok
21:04:11.0028 6428 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:04:11.0044 6428 srvnet - ok
21:04:11.0090 6428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:04:11.0106 6428 SSDPSRV - ok
21:04:11.0106 6428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:04:11.0106 6428 SstpSvc - ok
21:04:11.0137 6428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:04:11.0137 6428 stexstor - ok
21:04:11.0215 6428 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:04:11.0231 6428 stisvc - ok
21:04:11.0246 6428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:04:11.0246 6428 swenum - ok
21:04:11.0309 6428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:04:11.0324 6428 swprv - ok
21:04:11.0496 6428 SynTP (7e8902f9929a5d9ffd0f545332ce0f10) C:\Windows\system32\DRIVERS\SynTP.sys
21:04:11.0543 6428 SynTP - ok
21:04:11.0870 6428 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:04:11.0917 6428 SysMain - ok
21:04:11.0980 6428 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:04:11.0995 6428 TabletInputService - ok
21:04:12.0026 6428 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:04:12.0042 6428 TapiSrv - ok
21:04:12.0058 6428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:04:12.0058 6428 TBS - ok
21:04:12.0276 6428 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:04:12.0323 6428 Tcpip - ok
21:04:12.0588 6428 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:04:12.0619 6428 TCPIP6 - ok
21:04:12.0728 6428 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:04:12.0728 6428 tcpipreg - ok
21:04:12.0760 6428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:04:12.0760 6428 TDPIPE - ok
21:04:12.0900 6428 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
21:04:12.0931 6428 tdrpman273 - ok
21:04:12.0978 6428 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:04:12.0978 6428 TDTCP - ok
21:04:13.0009 6428 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:04:13.0040 6428 tdx - ok
21:04:13.0056 6428 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:04:13.0056 6428 TermDD - ok
21:04:13.0150 6428 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:04:13.0165 6428 TermService - ok
21:04:13.0196 6428 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:04:13.0196 6428 Themes - ok
21:04:13.0243 6428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:04:13.0243 6428 THREADORDER - ok
21:04:13.0352 6428 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
21:04:13.0384 6428 timounter - ok
21:04:13.0415 6428 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
21:04:13.0415 6428 TPM - ok
21:04:13.0430 6428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:04:13.0462 6428 TrkWks - ok
21:04:13.0540 6428 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:04:13.0540 6428 TrustedInstaller - ok
21:04:13.0602 6428 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:04:13.0602 6428 tssecsrv - ok
21:04:13.0618 6428 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:04:13.0618 6428 TsUsbFlt - ok
21:04:13.0633 6428 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:04:13.0633 6428 TsUsbGD - ok
21:04:13.0664 6428 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:04:13.0696 6428 tunnel - ok
21:04:13.0711 6428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:04:13.0711 6428 uagp35 - ok
21:04:13.0758 6428 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:04:13.0789 6428 udfs - ok
21:04:13.0820 6428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:04:13.0836 6428 UI0Detect - ok
21:04:13.0852 6428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:04:13.0852 6428 uliagpkx - ok
21:04:13.0883 6428 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:04:13.0883 6428 umbus - ok
21:04:13.0898 6428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:04:13.0898 6428 UmPass - ok
21:04:14.0195 6428 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:04:14.0273 6428 UNS - ok
21:04:14.0460 6428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:04:14.0460 6428 upnphost - ok
21:04:14.0522 6428 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:04:14.0522 6428 USBAAPL64 - ok
21:04:14.0569 6428 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:04:14.0569 6428 usbccgp - ok
21:04:14.0632 6428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:04:14.0632 6428 usbcir - ok
21:04:14.0647 6428 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:04:14.0647 6428 usbehci - ok
21:04:14.0741 6428 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:04:14.0772 6428 usbhub - ok
21:04:14.0850 6428 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:04:14.0850 6428 usbohci - ok
21:04:14.0866 6428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:04:14.0866 6428 usbprint - ok
21:04:14.0897 6428 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:04:14.0897 6428 USBSTOR - ok
21:04:14.0897 6428 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:04:14.0912 6428 usbuhci - ok
21:04:14.0944 6428 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:04:14.0959 6428 usbvideo - ok
21:04:14.0975 6428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:04:14.0990 6428 UxSms - ok
21:04:15.0022 6428 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:04:15.0022 6428 VaultSvc - ok
21:04:15.0053 6428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:04:15.0053 6428 vdrvroot - ok
21:04:15.0115 6428 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:04:15.0131 6428 vds - ok
21:04:15.0162 6428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:04:15.0162 6428 vga - ok
21:04:15.0178 6428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:04:15.0178 6428 VgaSave - ok
21:04:15.0209 6428 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:04:15.0224 6428 vhdmp - ok
21:04:15.0240 6428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:04:15.0240 6428 viaide - ok
21:04:15.0271 6428 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:04:15.0271 6428 volmgr - ok
21:04:15.0318 6428 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:04:15.0318 6428 volmgrx - ok
21:04:15.0349 6428 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
21:04:15.0365 6428 volsnap - ok
21:04:15.0412 6428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:04:15.0412 6428 vsmraid - ok
21:04:15.0614 6428 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:04:15.0708 6428 VSS - ok
21:04:15.0864 6428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:04:15.0880 6428 vwifibus - ok
21:04:15.0895 6428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:04:15.0895 6428 vwififlt - ok
21:04:15.0942 6428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:04:15.0958 6428 W32Time - ok
21:04:15.0989 6428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:04:15.0989 6428 WacomPen - ok
21:04:16.0020 6428 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:16.0020 6428 WANARP - ok
21:04:16.0036 6428 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:16.0036 6428 Wanarpv6 - ok
21:04:16.0192 6428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:04:16.0238 6428 WatAdminSvc - ok
21:04:16.0363 6428 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:04:16.0410 6428 wbengine - ok
21:04:16.0566 6428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:04:16.0582 6428 WbioSrvc - ok
21:04:16.0613 6428 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:04:16.0628 6428 wcncsvc - ok
21:04:16.0660 6428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:04:16.0660 6428 WcsPlugInService - ok
21:04:16.0706 6428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:04:16.0722 6428 Wd - ok
21:04:16.0784 6428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:04:16.0800 6428 Wdf01000 - ok
21:04:16.0831 6428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:04:16.0847 6428 WdiServiceHost - ok
21:04:16.0847 6428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:04:16.0847 6428 WdiSystemHost - ok
21:04:16.0878 6428 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:04:16.0878 6428 WebClient - ok
21:04:16.0909 6428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:04:16.0925 6428 Wecsvc - ok
21:04:16.0925 6428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:04:16.0925 6428 wercplsupport - ok
21:04:16.0972 6428 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:04:16.0972 6428 WerSvc - ok
21:04:17.0050 6428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:04:17.0065 6428 WfpLwf - ok
21:04:17.0128 6428 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
21:04:17.0128 6428 WimFltr - ok
21:04:17.0143 6428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:04:17.0143 6428 WIMMount - ok
21:04:17.0206 6428 WinDefend - ok
21:04:17.0221 6428 WinHttpAutoProxySvc - ok
21:04:17.0299 6428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:04:17.0299 6428 Winmgmt - ok
21:04:17.0486 6428 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:04:17.0549 6428 WinRM - ok
21:04:17.0736 6428 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:04:17.0736 6428 WinUsb - ok
21:04:17.0845 6428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:04:17.0861 6428 Wlansvc - ok
21:04:17.0954 6428 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:04:17.0954 6428 wlcrasvc - ok
21:04:18.0173 6428 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:04:18.0235 6428 wlidsvc - ok
21:04:18.0407 6428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:04:18.0407 6428 WmiAcpi - ok
21:04:18.0469 6428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:04:18.0500 6428 wmiApSrv - ok
21:04:18.0532 6428 WMPNetworkSvc - ok
21:04:18.0563 6428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:04:18.0578 6428 WPCSvc - ok
21:04:18.0610 6428 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:04:18.0610 6428 WPDBusEnum - ok
21:04:18.0641 6428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:04:18.0641 6428 ws2ifsl - ok
21:04:18.0688 6428 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:04:18.0703 6428 wscsvc - ok
21:04:18.0703 6428 WSearch - ok
21:04:18.0937 6428 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:04:19.0015 6428 wuauserv - ok
21:04:19.0187 6428 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:04:19.0202 6428 WudfPf - ok
21:04:19.0265 6428 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:04:19.0296 6428 WUDFRd - ok
21:04:19.0327 6428 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:04:19.0327 6428 wudfsvc - ok
21:04:19.0358 6428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:04:19.0374 6428 WwanSvc - ok
21:04:19.0421 6428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:04:19.0733 6428 \Device\Harddisk0\DR0 - ok
21:04:19.0733 6428 Boot (0x1200) (e14a76216885b5f2297461fd64106ebf) \Device\Harddisk0\DR0\Partition0
21:04:19.0748 6428 \Device\Harddisk0\DR0\Partition0 - ok
21:04:19.0764 6428 Boot (0x1200) (60be20816a7b037719c2529439d338b2) \Device\Harddisk0\DR0\Partition1
21:04:19.0764 6428 \Device\Harddisk0\DR0\Partition1 - ok
21:04:19.0764 6428 ============================================================
21:04:19.0764 6428 Scan finished
21:04:19.0764 6428 ============================================================
21:04:19.0795 6088 Detected object count: 0
21:04:19.0795 6088 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-07 21:04:39
-----------------------------
21:04:39.919 OS Version: Windows x64 6.1.7601 Service Pack 1
21:04:39.919 Number of processors: 4 586 0x2A07
21:04:39.919 ComputerName: FAMILY-PC UserName: FAMILY
21:04:40.668 Initialize success
21:04:50.122 AVAST engine defs: 12080601
21:05:01.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:05:01.510 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
21:05:01.525 Disk 0 MBR read successfully
21:05:01.525 Disk 0 MBR scan
21:05:01.603 Disk 0 Windows 7 default MBR code
21:05:01.619 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
21:05:01.634 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 122098 MB offset 52430848
21:05:01.681 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 157545 MB offset 302487552
21:05:01.790 Disk 0 scanning C:\Windows\system32\drivers
21:05:14.411 Service scanning
21:05:47.187 Modules scanning
21:05:47.202 Disk 0 trace - called modules:
21:05:47.233 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:05:47.249 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007059060]
21:05:47.265 3 CLASSPNP.SYS[fffff880019b543f] -> nt!IofCallDriver -> [0xfffffa8004ba8550]
21:05:47.265 5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bac050]
21:05:48.310 AVAST engine scan C:\Windows
21:05:53.520 AVAST engine scan C:\Windows\system32
21:10:40.483 AVAST engine scan C:\Windows\system32\drivers
21:10:52.604 AVAST engine scan C:\Users\FAMILY
21:14:01.224 File: C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000001.@ **INFECTED** Win32:Malware-gen
21:15:38.584 Disk 0 MBR has been saved successfully to "C:\Users\FAMILY\Desktop\MBR.dat"
21:15:38.584 The log file has been saved successfully to "C:\Users\FAMILY\Desktop\aswMBR.txt"
21:19:58.837 AVAST engine scan C:\ProgramData
21:23:01.950 Scan finished successfully
05:01:37.589 Disk 0 MBR has been saved successfully to "C:\Users\FAMILY\Desktop\MBR.dat"
05:01:37.652 The log file has been saved successfully to "C:\Users\FAMILY\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 08 August 2012 - 10:32 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 geeknurse

  • Topic Starter

Posted 08 August 2012 - 05:43 PM

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 08-08-2012 18:32:56
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390736 2010-09-07] (Acronis)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-11-03] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-11-03] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-11-03] (Intel Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-08-08] ()
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [3331312 2011-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536440 2010-09-02] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5479424 2010-09-07] (Acronis)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini [329 2012-08-08] ()
HKU\FAMILY\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\FAMILY\...\Run: [Spotify] "C:\Users\FAMILY\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7601880 2012-07-19] (Spotify Ltd)
HKU\FAMILY\...\Run: [Spotify Web Helper] "C:\Users\FAMILY\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-19] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Who Is On My Wifi.lnk
ShortcutTarget: Who Is On My Wifi.lnk -> C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe ()

==================== Services (Whitelisted) ======

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1078968 2010-09-07] (Acronis)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2012-01-18] (Acronis)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-21] (ASUS)
2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-11] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [279136 2012-01-18] (Acronis)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 ATKWMIACPIIO_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-01-26] (DT Soft Ltd)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1061888 2009-09-15] (Ralink Technology Corp.)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2012-01-18] (Acronis)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2012-01-18] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2012-01-18] (Acronis)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-08 18:32 - 2012-08-08 18:32 - 00000000 ____D C:\FRST
2012-08-07 17:15 - 2012-08-08 01:01 - 00004393 ____A C:\Users\FAMILY\Desktop\aswMBR.txt
2012-08-07 17:15 - 2012-08-08 01:01 - 00000512 ____A C:\Users\FAMILY\Desktop\MBR.dat
2012-08-07 17:04 - 2012-08-07 17:04 - 00065792 ____A C:\Users\FAMILY\Desktop\tddskiller.txt
2012-08-07 16:24 - 2012-08-07 16:24 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-08-07 16:23 - 2012-07-05 18:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-07 16:23 - 2012-06-26 21:43 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-07 16:23 - 2012-06-26 21:43 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-07 16:22 - 2012-08-07 16:23 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log
2012-08-07 16:22 - 2012-08-07 16:22 - 00000000 ____D C:\Users\All Users\McAfee
2012-08-06 16:54 - 2012-08-06 16:55 - 00262144 ____A C:\Windows\Minidump\080612-33275-01.dmp
2012-08-06 16:32 - 2012-08-06 16:33 - 04731392 ____A (AVAST Software) C:\Users\FAMILY\Desktop\aswMBR.exe
2012-08-06 16:32 - 2012-08-06 16:32 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\FAMILY\Desktop\tdsskiller.exe
2012-08-06 12:32 - 2012-08-06 12:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-06 12:32 - 2012-08-06 12:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-06 11:02 - 2012-08-06 11:02 - 00027024 ____A C:\ComboFix.txt
2012-08-06 10:43 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-06 10:43 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-06 10:43 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-06 10:43 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-06 10:43 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-06 10:43 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-06 10:43 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-06 10:43 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-05 17:02 - 2012-08-05 17:02 - 00000000 ____D C:\Users\FAMILY\AppData\Local\TechSmith
2012-08-05 17:01 - 2012-08-05 17:01 - 00000000 ____D C:\Users\FAMILY\Documents\Camtasia Studio
2012-08-05 17:01 - 2012-08-05 17:01 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\TechSmith
2012-08-05 17:00 - 2012-08-05 17:00 - 00001170 ____A C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2012-08-05 17:00 - 2012-08-05 17:00 - 00000000 ____D C:\Users\All Users\TechSmith
2012-08-05 17:00 - 2012-08-05 17:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-08-05 16:59 - 2012-08-05 16:59 - 00000000 ____D C:\Program Files (x86)\TechSmith
2012-08-05 16:32 - 2012-08-05 16:33 - 1236420608 ____A C:\Users\Public\Downloads\pm-rs2012..iso
2012-08-05 16:31 - 2012-08-05 16:32 - 04642676 ____A C:\Users\Public\Downloads\pm-rs2012.vol01+02.par2
2012-08-05 16:31 - 2012-08-05 16:32 - 02321388 ____A C:\Users\Public\Downloads\pm-rs2012.vol00+01.par2
2012-08-05 16:31 - 2012-08-05 16:31 - 00000600 ____A C:\Users\Public\Downloads\pm-rs2012.sfv
2012-08-05 16:28 - 2012-08-05 16:28 - 00007572 ____A C:\Users\Public\Downloads\postmortem.nfo
2012-08-05 03:07 - 2012-08-05 03:07 - 00000000 ____D C:\Users\FAMILY\Desktop\2012.07.14
2012-08-05 03:06 - 2012-08-05 03:06 - 00000000 ____D C:\Users\FAMILY\Desktop\2012.07.11
2012-08-05 03:06 - 2012-08-05 03:06 - 00000000 ____D C:\Users\FAMILY\Desktop\2012.07.10
2012-08-04 13:10 - 2012-08-04 13:15 - 00000000 ____D C:\Program Files (x86)\GetFLV
2012-08-03 22:20 - 2012-08-03 22:20 - 00000168 ____A C:\Users\FAMILY\defogger_reenable
2012-08-03 19:45 - 2012-08-06 11:02 - 00000000 ____D C:\Qoobox
2012-08-03 19:45 - 2012-08-06 11:00 - 00000000 ____D C:\Windows\erdnt
2012-08-03 18:51 - 2012-08-03 18:51 - 00000000 ____D C:\Users\FAMILY\Documents\ASUS
2012-08-03 13:44 - 2012-08-03 13:44 - 00000000 ____D C:\Users\FAMILY\Desktop\melissaschroederharmlessseries
2012-08-03 13:43 - 2012-08-03 13:43 - 02741631 ____A C:\Users\FAMILY\Desktop\melissaschroederharmlessseries.zip
2012-08-03 11:23 - 2012-08-03 11:23 - 00048953 ____A C:\Users\FAMILY\Documents\walking.dead.s02.e08-10.XtoDVD
2012-08-03 08:57 - 2012-08-03 08:57 - 00000000 ____D C:\Users\All Users\vsosdk
2012-08-03 07:14 - 2012-08-04 15:30 - 00000000 ____D C:\Users\FAMILY\Documents\ConvertXToDVD
2012-08-03 07:07 - 2012-08-04 17:15 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\Vso
2012-08-03 07:06 - 2012-08-03 07:06 - 00001234 ____A C:\Users\FAMILY\Desktop\ConvertXtoDVD 4.lnk
2012-08-03 07:06 - 2012-08-03 07:06 - 00000000 ____D C:\Program Files (x86)\VSO
2012-08-03 07:06 - 2009-09-02 09:44 - 01184984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wvc1dmod.dll
2012-08-03 07:06 - 2009-09-02 09:44 - 00626688 ____A (On2.com) C:\Windows\SysWOW64\vp7vfw.dll
2012-08-03 07:06 - 2009-09-02 09:44 - 00273408 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\Pncrt.dll
2012-08-03 07:06 - 2009-09-02 09:44 - 00217127 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\drv43260.dll
2012-08-03 07:06 - 2009-09-02 09:44 - 00208935 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\drv33260.dll
2012-08-03 07:06 - 2009-09-02 09:44 - 00176165 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\drv23260.dll
2012-08-03 07:06 - 2009-09-02 09:44 - 00102439 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\sipr3260.dll
2012-08-03 07:06 - 2009-09-02 09:44 - 00065602 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\cook3260.dll
2012-08-02 16:50 - 2012-08-02 16:50 - 00000000 ____D C:\Users\FAMILY\Desktop\tsMuxeR_1.10.6
2012-08-01 22:59 - 2012-08-01 22:59 - 00115904 ____A C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-01 22:59 - 2012-08-01 22:59 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Macromedia
2012-08-01 22:59 - 2012-08-01 22:59 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Apple Computer
2012-08-01 22:59 - 2012-08-01 22:59 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Adobe
2012-08-01 22:59 - 2012-08-01 22:59 - 00000000 ____D C:\Users\Paul\AppData\Local\LogMeIn
2012-08-01 22:59 - 2012-08-01 22:59 - 00000000 ____D C:\Users\Paul\AppData\Local\ASUS
2012-08-01 22:58 - 2012-08-01 22:59 - 00000000 ____D C:\users\Paul
2012-08-01 22:58 - 2012-08-01 22:58 - 00000020 __ASH C:\Users\Paul\ntuser.ini
2012-08-01 22:58 - 2012-01-28 00:01 - 00000000 ____D C:\Users\Paul\AppData\Local\Microsoft Help
2012-08-01 22:42 - 2012-08-01 22:42 - 00000000 ____D C:\Program Files (x86)\IO3O LLC
2012-08-01 22:41 - 2012-08-01 22:41 - 00034308 ____A C:\Windows\SysWOW64\bassmod.dll
2012-08-01 20:42 - 2012-08-01 20:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-30 18:36 - 2012-07-30 18:36 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-26 16:24 - 2012-07-26 16:24 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\ImgBurn
2012-07-26 16:13 - 2012-07-26 16:13 - 00001871 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-07-26 16:13 - 2012-07-26 16:13 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-07-25 21:07 - 2012-07-25 21:07 - 00000094 ____A C:\Users\FAMILY\AppData\Local\fusioncache.dat
2012-07-25 20:49 - 2012-07-26 07:39 - 00000000 ____D C:\Users\FAMILY\Documents\Dungeons and Dragons Online
2012-07-25 20:49 - 2012-07-26 07:32 - 00001041 ____A C:\Users\FAMILY\Desktop\Dungeons and Dragons Online™.lnk
2012-07-25 20:49 - 2012-07-26 07:24 - 00000000 ____D C:\Users\FAMILY\AppData\Local\Turbine
2012-07-25 20:47 - 2012-07-26 07:32 - 00000000 ____D C:\Users\All Users\HappyCloud
2012-07-25 17:50 - 2012-07-25 17:50 - 00002112 ____A C:\Users\Public\Desktop\Star Trek Bridge Commander.lnk
2012-07-25 17:48 - 2012-07-25 17:49 - 00000920 ____A C:\Windows\STBC.ini
2012-07-25 17:47 - 2012-07-25 17:47 - 00000000 ____D C:\Program Files (x86)\Activision
2012-07-25 13:32 - 2012-07-25 13:32 - 00065368 ____A C:\Users\Public\Downloads\The Dark Knight Rises TS XViD UNiQUE.par2
2012-07-25 11:15 - 2012-07-25 11:15 - 00616651 ____A C:\Users\Public\Downloads\the.lorax.2012.720p.bluray.x264-sinners.nzb
2012-07-24 20:36 - 2012-07-24 20:36 - 00001268 ____A C:\Users\FAMILY\Desktop\Star Trek Online.lnk
2012-07-24 20:18 - 2009-09-04 13:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-07-24 20:18 - 2009-09-04 13:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-07-24 20:18 - 2009-09-04 13:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-07-24 20:18 - 2009-09-04 13:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-07-24 20:18 - 2009-09-04 13:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-07-24 20:18 - 2009-03-16 10:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-07-24 20:18 - 2009-03-16 10:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-07-24 20:18 - 2009-03-16 10:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-07-24 20:18 - 2009-03-16 10:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-07-24 20:18 - 2009-03-16 10:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-07-24 20:18 - 2009-03-16 10:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-07-24 20:18 - 2009-03-09 11:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-07-24 20:18 - 2009-03-09 11:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-07-24 20:18 - 2009-03-09 11:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-07-24 20:18 - 2009-03-09 11:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-07-24 20:18 - 2008-10-27 06:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-07-24 20:18 - 2008-10-15 02:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-07-24 20:18 - 2008-10-15 02:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-07-24 20:18 - 2008-10-15 02:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-07-24 20:18 - 2008-10-15 02:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-07-24 20:18 - 2008-10-15 02:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-07-24 20:18 - 2008-10-15 02:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-07-24 20:18 - 2008-07-31 06:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-07-24 20:18 - 2008-07-31 06:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-07-24 20:18 - 2008-07-31 06:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-07-24 20:18 - 2008-07-31 06:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-07-24 20:18 - 2008-07-31 06:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-07-24 20:18 - 2008-07-31 06:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-07-24 20:18 - 2008-07-10 07:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-07-24 20:18 - 2008-07-10 07:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-07-24 20:18 - 2008-07-10 07:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-07-24 20:18 - 2008-07-10 07:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-07-24 20:18 - 2008-07-10 07:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-07-24 20:18 - 2008-07-10 07:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-07-24 20:18 - 2008-05-30 10:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-07-24 20:18 - 2008-05-30 10:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-07-24 20:18 - 2008-05-30 10:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-07-24 20:18 - 2008-05-30 10:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-07-24 20:18 - 2008-05-30 10:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-07-24 20:18 - 2008-05-30 10:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-07-24 20:18 - 2008-05-30 10:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-07-24 20:18 - 2008-05-30 10:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-07-24 20:18 - 2008-05-30 10:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-07-24 20:18 - 2008-05-30 10:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-07-24 20:18 - 2008-05-30 10:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-07-24 20:18 - 2008-05-30 10:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-07-24 20:18 - 2008-05-30 10:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-07-24 20:18 - 2008-05-30 10:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-07-24 20:18 - 2008-03-05 12:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-07-24 20:18 - 2008-03-05 12:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-07-24 20:18 - 2008-03-05 12:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-07-24 20:18 - 2008-03-05 12:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-07-24 20:18 - 2008-03-05 12:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-07-24 20:18 - 2008-03-05 12:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-07-24 20:18 - 2008-03-05 11:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-07-24 20:18 - 2008-03-05 11:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-07-24 20:18 - 2008-03-05 11:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-07-24 20:18 - 2008-03-05 11:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-07-24 20:18 - 2008-02-05 19:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-07-24 20:18 - 2008-02-05 19:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-07-24 20:18 - 2007-10-21 23:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-07-24 20:18 - 2007-10-21 23:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-07-24 20:18 - 2007-10-21 23:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-07-24 20:18 - 2007-10-21 23:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-07-24 20:18 - 2007-10-12 11:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-07-24 20:18 - 2007-10-12 11:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-07-24 20:18 - 2007-10-12 11:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-07-24 20:18 - 2007-10-12 11:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-07-24 20:18 - 2007-10-02 05:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-07-24 20:18 - 2007-10-02 05:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-07-24 20:18 - 2007-07-19 20:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-07-24 20:18 - 2007-07-19 20:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-07-24 20:18 - 2007-07-19 14:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-07-24 20:18 - 2007-07-19 14:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-07-24 20:18 - 2007-07-19 14:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-07-24 20:18 - 2007-07-19 14:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-07-24 20:18 - 2007-07-19 14:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-07-24 20:18 - 2007-07-19 14:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-07-24 20:18 - 2007-06-20 16:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-07-24 20:18 - 2007-06-20 16:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-07-24 20:18 - 2007-05-16 12:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-07-24 20:18 - 2007-05-16 12:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-07-24 20:18 - 2007-05-16 12:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-07-24 20:18 - 2007-05-16 12:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-07-24 20:18 - 2007-05-16 12:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-07-24 20:18 - 2007-05-16 12:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-07-24 20:17 - 2007-04-04 14:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-07-24 20:17 - 2007-04-04 14:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-07-24 20:17 - 2007-04-04 14:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-07-24 20:17 - 2007-04-04 14:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-07-24 20:17 - 2007-03-15 12:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-07-24 20:17 - 2007-03-15 12:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-07-24 20:17 - 2007-03-12 12:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-07-24 20:17 - 2007-03-12 12:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-07-24 20:17 - 2007-03-12 12:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-07-24 20:17 - 2007-03-12 12:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-07-24 20:17 - 2007-03-05 08:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-07-24 20:17 - 2007-03-05 08:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-07-24 20:17 - 2007-01-24 11:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-07-24 20:17 - 2007-01-24 11:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-07-24 20:17 - 2006-12-08 08:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-07-24 20:17 - 2006-12-08 08:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-07-24 20:17 - 2006-11-29 09:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-07-24 20:17 - 2006-11-29 09:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-07-24 20:17 - 2006-09-28 12:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-07-24 20:17 - 2006-09-28 12:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-07-24 20:17 - 2006-09-28 12:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-07-24 20:17 - 2006-09-28 12:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-07-24 20:17 - 2006-07-28 05:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-07-24 20:17 - 2006-07-28 05:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-07-24 20:17 - 2006-07-28 05:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-07-24 20:17 - 2006-07-28 05:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-07-24 20:17 - 2006-05-31 03:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-07-24 20:17 - 2006-05-31 03:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-07-24 20:17 - 2006-03-31 08:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-07-24 20:17 - 2006-03-31 08:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-07-24 20:17 - 2006-03-31 08:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-07-24 20:17 - 2006-03-31 08:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-07-24 20:17 - 2006-03-31 08:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-07-24 20:17 - 2006-03-31 08:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-07-24 20:17 - 2006-02-03 04:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-07-24 20:17 - 2006-02-03 04:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-07-24 20:17 - 2006-02-03 04:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-07-24 20:17 - 2006-02-03 04:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-07-24 20:17 - 2006-02-03 04:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-07-24 20:17 - 2006-02-03 04:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-07-24 20:17 - 2005-12-05 14:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-07-24 20:17 - 2005-12-05 14:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-07-24 20:17 - 2005-07-22 15:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-07-24 20:17 - 2005-07-22 15:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-07-24 20:17 - 2005-05-26 11:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-07-24 20:17 - 2005-05-26 11:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-07-24 20:17 - 2005-03-18 13:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-07-24 20:17 - 2005-03-18 13:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-07-24 20:17 - 2005-02-05 15:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-07-24 20:17 - 2005-02-05 15:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-07-24 20:14 - 2012-07-24 20:14 - 00000000 ____D C:\Users\Public\Games
2012-07-24 17:54 - 2012-07-24 17:54 - 15179595 ____A C:\Users\FAMILY\Desktop\cousins.zip
2012-07-24 05:14 - 2012-08-05 03:08 - 00000000 ____D C:\Users\FAMILY\Desktop\2012.07.22
2012-07-22 15:05 - 2012-08-05 19:14 - 00000000 ____D C:\Users\FAMILY\Documents\My PERRLA Papers
2012-07-22 15:02 - 2012-08-05 19:04 - 00000000 ____D C:\PERRLA
2012-07-22 15:02 - 2012-07-22 15:02 - 00001568 ____A C:\Users\Public\Desktop\Launch PERRLA.lnk
2012-07-19 20:13 - 2012-07-19 20:13 - 00000000 ____D C:\Users\FAMILY\.amokexifsorter
2012-07-19 20:13 - 2012-07-19 20:13 - 00000000 ____D C:\Program Files (x86)\AmoK Exif Sorter
2012-07-19 15:49 - 2012-07-19 15:52 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\Download Manager
2012-07-19 15:49 - 2012-07-19 15:49 - 00000000 ____D C:\Windows\Sun
2012-07-19 11:45 - 2012-07-19 11:45 - 00001012 ____A C:\Windows\EF.ini
2012-07-19 11:42 - 2012-07-19 11:42 - 00000000 ____D C:\Program Files (x86)\Raven
2012-07-19 11:31 - 2001-05-24 11:00 - 00306688 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2012-07-19 11:10 - 2012-08-08 14:31 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\Spotify
2012-07-19 11:10 - 2012-08-08 14:31 - 00000000 ____D C:\Users\FAMILY\AppData\Local\Spotify
2012-07-19 11:10 - 2012-07-19 11:10 - 00001815 ____A C:\Users\FAMILY\Desktop\Spotify.lnk
2012-07-19 09:19 - 2012-07-19 09:19 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\iFunbox_UserCache
2012-07-19 09:19 - 2012-07-19 09:19 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2012-07-19 00:44 - 2012-07-19 00:44 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-19 00:44 - 2012-07-19 00:44 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\Malwarebytes
2012-07-19 00:44 - 2012-07-19 00:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-19 00:44 - 2012-07-19 00:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 00:44 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-19 00:17 - 2012-07-19 00:47 - 00000000 ____D C:\Users\All Users\7531CCA9027AD54AC8DD8DBAF875F002
2012-07-19 00:17 - 2012-07-19 00:17 - 00000000 ____D C:\Users\FAMILY\AppData\Local\{2806971A-D17A-11E1-8270-B8AC6F996F26}
2012-07-19 00:17 - 2012-07-19 00:17 - 00000000 ____D C:\Users\FAMILY\AppData\Local\{280665F1-D17A-11E1-8270-B8AC6F996F26}
2012-07-17 23:25 - 2012-08-05 17:20 - 00001519 ____A C:\Users\FAMILY\AppData\Roaming\SAS7_000.DAT
2012-07-17 22:57 - 2012-07-17 22:57 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
2012-07-17 21:47 - 2012-07-17 21:47 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\HandBrake
2012-07-12 13:48 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 13:44 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 13:44 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 13:44 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 13:44 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 13:44 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 13:44 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 13:44 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 13:44 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 13:44 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 13:44 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 13:44 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 13:44 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 13:44 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 13:44 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 13:44 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 13:44 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 13:44 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 13:44 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 13:44 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 13:44 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 13:44 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 13:44 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 13:44 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 13:44 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 13:44 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 13:43 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 13:43 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 13:43 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 13:39 - 2012-07-12 13:39 - 00000000 ____D C:\Users\FAMILY\Documents\SPC_RN2BSN
2012-07-12 11:42 - 2012-07-12 11:42 - 00000000 ____D C:\Users\FAMILY\AppData\Local\FANiSO
2012-07-11 03:29 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 03:29 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 03:29 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 03:29 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 03:29 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 03:29 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 03:29 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 03:29 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 03:29 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 03:29 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 03:29 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 03:29 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 03:29 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 03:29 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 03:29 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 03:29 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 03:29 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 03:29 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 03:29 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 17:22 - 2012-07-10 17:22 - 00000000 ____D C:\Users\FAMILY\AppData\Roaming\Sling Media

============ 3 Months Modified Files ========================

2012-08-08 14:31 - 2011-12-07 12:07 - 01298423 ____A C:\Windows\WindowsUpdate.log
2012-08-08 14:30 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-08 14:30 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-08 14:28 - 2009-07-13 21:13 - 00006714 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-08 14:25 - 2012-01-26 19:03 - 00000266 ____A C:\Windows\Tasks\AutoKMS.job
2012-08-08 14:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-08 14:24 - 2009-07-13 20:51 - 00067484 ____A C:\Windows\setupact.log
2012-08-08 13:41 - 2012-04-27 10:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-08 13:35 - 2012-05-07 12:41 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051807519-3263120102-3672729157-1000UA.job
2012-08-08 02:35 - 2012-05-07 12:41 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051807519-3263120102-3672729157-1000Core.job
2012-08-08 01:01 - 2012-08-07 17:15 - 00004393 ____A C:\Users\FAMILY\Desktop\aswMBR.txt
2012-08-08 01:01 - 2012-08-07 17:15 - 00000512 ____A C:\Users\FAMILY\Desktop\MBR.dat
2012-08-07 17:04 - 2012-08-07 17:04 - 00065792 ____A C:\Users\FAMILY\Desktop\tddskiller.txt
2012-08-07 16:23 - 2012-08-07 16:22 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log
2012-08-06 16:55 - 2012-08-06 16:54 - 00262144 ____A C:\Windows\Minidump\080612-33275-01.dmp
2012-08-06 16:54 - 2012-01-26 18:34 - 752422606 ____A C:\Windows\MEMORY.DMP
2012-08-06 16:33 - 2012-08-06 16:32 - 04731392 ____A (AVAST Software) C:\Users\FAMILY\Desktop\aswMBR.exe
2012-08-06 16:32 - 2012-08-06 16:32 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\FAMILY\Desktop\tdsskiller.exe
2012-08-06 12:32 - 2012-02-04 23:03 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-06 12:32 - 2011-10-17 20:17 - 00006616 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-06 11:02 - 2012-08-06 11:02 - 00027024 ____A C:\ComboFix.txt
2012-08-06 10:54 - 2011-10-17 19:58 - 00355190 ____A C:\Windows\PFRO.log
2012-08-06 10:54 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-05 17:20 - 2012-07-17 23:25 - 00001519 ____A C:\Users\FAMILY\AppData\Roaming\SAS7_000.DAT
2012-08-05 17:14 - 2012-03-28 18:01 - 00009728 ____A C:\Users\FAMILY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-05 17:00 - 2012-08-05 17:00 - 00001170 ____A C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2012-08-05 16:33 - 2012-08-05 16:32 - 1236420608 ____A C:\Users\Public\Downloads\pm-rs2012..iso
2012-08-05 16:32 - 2012-08-05 16:31 - 04642676 ____A C:\Users\Public\Downloads\pm-rs2012.vol01+02.par2
2012-08-05 16:32 - 2012-08-05 16:31 - 02321388 ____A C:\Users\Public\Downloads\pm-rs2012.vol00+01.par2
2012-08-05 16:31 - 2012-08-05 16:31 - 00000600 ____A C:\Users\Public\Downloads\pm-rs2012.sfv
2012-08-05 16:28 - 2012-08-05 16:28 - 00007572 ____A C:\Users\Public\Downloads\postmortem.nfo
2012-08-03 22:20 - 2012-08-03 22:20 - 00000168 ____A C:\Users\FAMILY\defogger_reenable
2012-08-03 13:43 - 2012-08-03 13:43 - 02741631 ____A C:\Users\FAMILY\Desktop\melissaschroederharmlessseries.zip
2012-08-03 11:23 - 2012-08-03 11:23 - 00048953 ____A C:\Users\FAMILY\Documents\walking.dead.s02.e08-10.XtoDVD
2012-08-03 07:06 - 2012-08-03 07:06 - 00001234 ____A C:\Users\FAMILY\Desktop\ConvertXtoDVD 4.lnk
2012-08-02 22:41 - 2012-04-27 10:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 22:41 - 2012-02-28 15:52 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-01 22:59 - 2012-08-01 22:59 - 00115904 ____A C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-01 22:59 - 2011-12-07 12:16 - 00002272 ____A C:\Windows\System32\AutoRunFilter.ini
2012-08-01 22:58 - 2012-08-01 22:58 - 00000020 __ASH C:\Users\Paul\ntuser.ini
2012-08-01 22:41 - 2012-08-01 22:41 - 00034308 ____A C:\Windows\SysWOW64\bassmod.dll
2012-07-26 16:13 - 2012-07-26 16:13 - 00001871 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2012-07-26 07:32 - 2012-07-25 20:49 - 00001041 ____A C:\Users\FAMILY\Desktop\Dungeons and Dragons Online™.lnk
2012-07-25 21:07 - 2012-07-25 21:07 - 00000094 ____A C:\Users\FAMILY\AppData\Local\fusioncache.dat
2012-07-25 17:50 - 2012-07-25 17:50 - 00002112 ____A C:\Users\Public\Desktop\Star Trek Bridge Commander.lnk
2012-07-25 17:49 - 2012-07-25 17:48 - 00000920 ____A C:\Windows\STBC.ini
2012-07-25 13:32 - 2012-07-25 13:32 - 00065368 ____A C:\Users\Public\Downloads\The Dark Knight Rises TS XViD UNiQUE.par2
2012-07-25 11:15 - 2012-07-25 11:15 - 00616651 ____A C:\Users\Public\Downloads\the.lorax.2012.720p.bluray.x264-sinners.nzb
2012-07-24 20:36 - 2012-07-24 20:36 - 00001268 ____A C:\Users\FAMILY\Desktop\Star Trek Online.lnk
2012-07-24 20:18 - 2011-10-17 20:19 - 00010430 ____A C:\Windows\DirectX.log
2012-07-24 17:54 - 2012-07-24 17:54 - 15179595 ____A C:\Users\FAMILY\Desktop\cousins.zip
2012-07-22 15:02 - 2012-07-22 15:02 - 00001568 ____A C:\Users\Public\Desktop\Launch PERRLA.lnk
2012-07-20 18:12 - 2012-01-30 13:13 - 00035328 ____A C:\Users\FAMILY\Desktop\Monthly Bills2.xls
2012-07-19 11:45 - 2012-07-19 11:45 - 00001012 ____A C:\Windows\EF.ini
2012-07-19 11:10 - 2012-07-19 11:10 - 00001815 ____A C:\Users\FAMILY\Desktop\Spotify.lnk
2012-07-19 00:44 - 2012-07-19 00:44 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-19 00:34 - 2011-12-07 12:16 - 00001270 ____A C:\Windows\System32\ServiceFilter.ini
2012-07-17 22:57 - 2012-07-17 22:57 - 00002799 ____A C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
2012-07-12 17:12 - 2009-07-13 20:45 - 02362632 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 13:45 - 2012-03-31 11:54 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 18:25 - 2012-01-28 21:27 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-11 18:25 - 2012-01-28 21:27 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-11 18:25 - 2012-01-28 21:27 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-05 18:06 - 2012-08-07 16:23 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 18:06 - 2012-05-12 09:11 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 18:06 - 2012-05-12 09:11 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-03 09:46 - 2012-07-19 00:44 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 17:47 - 2012-07-01 17:45 - 08272674 ____A C:\Users\FAMILY\Desktop\Bigasoft iPhone Ringtone Maker 1.9.1.4331.rar
2012-06-26 21:43 - 2012-08-07 16:23 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-26 21:43 - 2012-08-07 16:23 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-25 12:46 - 2012-06-25 12:46 - 00001904 ____A C:\Users\FAMILY\Documents\bookmarks.txt
2012-06-24 01:25 - 2012-06-24 01:25 - 00445490 ____A C:\Users\Public\Downloads\[101430]-[FULL]-[#a.b.teevee@EFNet]-[ UFC.147.Preliminary.Fights.720p.HDTV.x264-LMAO ]- ufc.147.preliminary.fights.720p.hdtv.x264-lmao.nzb
2012-06-24 01:24 - 2012-06-24 01:24 - 00673905 ____A C:\Users\Public\Downloads\[101437]-[FULL]-[#a.b.teevee@EFNet]-[ UFC.147.Silva.vs.Franklin.720p.HDTV.x264-C4TV ]- ufc.147.silva.vs.franklin.720p.hdtv.x264-c4tv.nzb
2012-06-11 19:08 - 2012-07-12 13:48 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 03:29 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 03:29 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 09:18 - 2012-06-02 16:55 - 22527488 ____H C:\Users\FAMILY\Desktop\~WRL1358.tmp
2012-06-05 22:06 - 2012-07-11 03:29 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 03:29 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 03:29 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 03:29 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 03:29 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 03:29 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 13:06 - 2012-06-02 16:55 - 31952896 ____H C:\Users\FAMILY\Desktop\~WRL2176.tmp
2012-06-02 14:19 - 2012-06-20 21:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 21:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 21:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 21:28 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 21:28 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 21:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 21:28 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 21:28 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-20 21:28 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 13:43 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 13:43 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 13:44 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 13:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 13:44 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 13:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 13:44 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 13:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 13:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 13:44 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 13:44 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 13:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 13:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 13:44 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 13:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 13:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 13:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 13:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 13:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 13:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 13:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 13:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 13:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 13:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 13:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 13:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 13:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 13:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 03:29 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 03:29 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 03:29 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 03:29 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 03:29 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 03:29 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 03:29 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 03:29 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 03:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-17 11:52 - 2012-01-28 21:27 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-17 11:52 - 2012-01-28 21:27 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll.000.bak
2012-05-17 10:25 - 2012-05-17 10:25 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-16 05:31 - 2012-05-16 05:31 - 00000979 ____A C:\Users\FAMILY\Desktop\NewsLeecher.lnk
2012-05-12 15:03 - 2012-05-12 15:03 - 00001157 ____A C:\Users\Public\Desktop\Bigasoft Total Video Converter.lnk
2012-05-12 09:16 - 2012-05-12 09:16 - 00002014 ____A C:\Users\FAMILY\Desktop\Media Player Classic - Home Cinema x64.lnk


ZeroAccess:
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L
C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U

ZeroAccess:
C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}
C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\@
C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\L
C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U
C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}\U\00000001.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4000.13 MB
Available physical RAM: 3402.09 MB
Total Pagefile: 3998.27 MB
Available Pagefile: 3394.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:40.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:98.82 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 119 GB 25 GB
Partition 3 Primary 153 GB 144 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 119 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 153 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-06 23:15

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-08 18:34:40
Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-06 11:00] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 08 August 2012 - 05:52 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822}
C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 geeknurse

Posted 09 August 2012 - 11:23 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-09 12:18:46 Run:1
Running from D:\

==============================================

C:\Windows\Installer\{3c42eb88-3e76-c42f-e757-e3ec8d556822} moved successfully.
C:\Users\FAMILY\AppData\Local\{3c42eb88-3e76-c42f-e757-e3ec8d556822} moved successfully.

==== End of Fixlog ====

#10 gringo_pr

Posted 09 August 2012 - 11:42 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 geeknurse

Posted 09 August 2012 - 02:37 PM

Seems OK. No further issues. I'll keep monitoring for the redirect issue. Thank you very much.

-Paul

ComboFix 12-08-09.01 - FAMILY 08/09/2012 14:12:02.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2558 [GMT -4:00]
Running from: c:\users\FAMILY\Desktop\ComboFix.exe
Command switches used :: c:\users\FAMILY\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 18:18 . 2012-08-09 18:18 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-08-09 18:18 . 2012-08-09 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 18:09 . 2012-08-09 18:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA3D43D-FFA0-4899-B2CD-A2C2A5337778}\offreg.dll
2012-08-09 02:32 . 2012-08-09 02:32 -------- d-----w- C:\FRST
2012-08-08 00:24 . 2012-08-08 00:24 -------- d-----w- c:\program files (x86)\Oracle
2012-08-08 00:22 . 2012-08-08 00:22 -------- d-----w- c:\programdata\McAfee
2012-08-06 20:33 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D31741B3-132B-4D35-B3EF-3FEA75D66CA1}\gapaengine.dll
2012-08-06 20:33 . 2012-07-16 06:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA3D43D-FFA0-4899-B2CD-A2C2A5337778}\mpengine.dll
2012-08-06 20:32 . 2012-08-06 20:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-06 20:32 . 2012-08-06 20:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-06 01:02 . 2012-08-06 01:02 -------- d-----w- c:\users\FAMILY\AppData\Local\TechSmith
2012-08-06 01:01 . 2012-08-06 01:01 -------- d-----w- c:\users\FAMILY\AppData\Roaming\TechSmith
2012-08-06 01:00 . 2012-08-06 01:00 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-06 01:00 . 2012-08-06 01:00 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-08-06 01:00 . 2012-08-06 01:00 -------- d-----w- c:\programdata\TechSmith
2012-08-06 00:59 . 2012-08-06 00:59 -------- d-----w- c:\program files (x86)\TechSmith
2012-08-04 21:10 . 2012-08-04 21:15 -------- d-----w- c:\program files (x86)\GetFLV
2012-08-03 16:57 . 2012-08-03 16:57 -------- d-----w- c:\programdata\vsosdk
2012-08-03 15:07 . 2012-08-05 01:15 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Vso
2012-08-03 15:06 . 2009-09-02 17:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-08-03 15:06 . 2009-09-02 17:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-08-03 15:06 . 2009-09-02 17:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-08-03 15:06 . 2009-09-02 17:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-08-03 15:06 . 2009-09-02 17:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-08-03 15:06 . 2009-09-02 17:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-08-03 15:06 . 2009-09-02 17:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-08-03 15:06 . 2012-08-03 15:06 -------- d-----w- c:\program files (x86)\VSO
2012-08-02 06:58 . 2012-08-02 06:59 -------- d-----w- c:\users\Paul
2012-08-02 06:42 . 2012-08-02 06:42 -------- d-----w- c:\program files (x86)\IO3O LLC
2012-08-02 04:42 . 2012-08-02 04:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 02:36 . 2012-07-31 02:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 00:24 . 2012-07-27 00:24 -------- d-----w- c:\users\FAMILY\AppData\Roaming\ImgBurn
2012-07-27 00:13 . 2012-07-27 00:13 -------- d-----w- c:\program files (x86)\ImgBurn
2012-07-26 04:52 . 2012-07-26 15:32 -------- d-----w- c:\users\FAMILY\AppData\Local\ApplicationHistory
2012-07-26 04:49 . 2012-07-26 15:24 -------- d-----w- c:\users\FAMILY\AppData\Local\Turbine
2012-07-26 04:47 . 2012-07-26 15:32 -------- d-----w- c:\programdata\HappyCloud
2012-07-26 01:47 . 2012-07-26 01:47 -------- d-----w- c:\program files (x86)\Activision
2012-07-25 04:17 . 2007-04-04 22:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2012-07-25 04:14 . 2012-07-25 04:14 -------- d-----w- c:\users\Public\Games
2012-07-22 23:02 . 2012-08-06 03:04 -------- d-----w- C:\PERRLA
2012-07-20 04:13 . 2012-07-20 04:13 -------- d-----w- c:\users\FAMILY\.amokexifsorter
2012-07-20 04:13 . 2012-07-20 04:13 -------- d-----w- c:\program files (x86)\AmoK Exif Sorter
2012-07-19 23:49 . 2012-07-19 23:52 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Download Manager
2012-07-19 23:49 . 2012-07-19 23:49 -------- d-----w- c:\windows\Sun
2012-07-19 19:42 . 2012-07-19 19:42 -------- d-----w- c:\program files (x86)\Raven
2012-07-19 19:31 . 2001-05-24 19:00 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-19 19:10 . 2012-08-09 17:25 -------- d-----w- c:\users\FAMILY\AppData\Local\Spotify
2012-07-19 19:10 . 2012-08-09 17:20 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Spotify
2012-07-19 17:19 . 2012-07-19 17:19 -------- d-----w- c:\users\FAMILY\AppData\Roaming\iFunbox_UserCache
2012-07-19 17:19 . 2012-07-19 17:19 -------- d-----w- c:\program files (x86)\i-Funbox DevTeam
2012-07-19 08:44 . 2012-07-19 08:44 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Malwarebytes
2012-07-19 08:44 . 2012-07-19 08:44 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 08:44 . 2012-07-19 08:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 08:44 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 08:17 . 2012-07-19 08:47 -------- d-----w- c:\programdata\7531CCA9027AD54AC8DD8DBAF875F002
2012-07-19 08:17 . 2012-07-19 08:17 -------- d-----w- c:\users\FAMILY\AppData\Local\{2806971A-D17A-11E1-8270-B8AC6F996F26}
2012-07-19 08:17 . 2012-07-19 08:17 -------- d-----w- c:\users\FAMILY\AppData\Local\{280665F1-D17A-11E1-8270-B8AC6F996F26}
2012-07-18 06:57 . 2012-07-18 06:57 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-07-18 06:57 . 2012-07-18 07:05 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-07-18 05:47 . 2012-07-18 05:47 -------- d-----w- c:\users\FAMILY\AppData\Roaming\HandBrake
2012-07-12 21:48 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 21:43 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 21:43 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-12 19:42 . 2012-07-12 19:42 -------- d-----w- c:\users\FAMILY\AppData\Local\FANiSO
2012-07-11 15:40 . 2012-07-11 15:40 -------- d-----w- c:\users\FAMILY\AppData\Local\Diagnostics
2012-07-11 01:22 . 2012-07-11 01:22 -------- d-----w- c:\users\FAMILY\AppData\Roaming\Sling Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 06:41 . 2012-04-27 18:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 06:41 . 2012-02-28 23:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 21:45 . 2012-03-31 19:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 02:25 . 2012-01-29 05:27 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 02:25 . 2012-01-29 05:27 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 02:25 . 2012-01-29 05:27 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-06 02:06 . 2012-05-12 17:11 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2012-05-12 17:11 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 05:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 05:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 05:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 05:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 05:28 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 05:28 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 10:40 . 2012-05-18 10:40 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-17 19:52 . 2012-01-29 05:27 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-17 19:52 . 2012-01-29 05:27 80768 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_18.54.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-18 20:13 . 2012-08-08 22:41 43272 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-09 16:21 35338 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-04-27 20:25 . 2012-03-21 00:44 98688 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2012-03-21 00:44 . 2012-03-21 00:44 98688 c:\windows\system32\drivers\NisDrvWFP.sys
- 2012-01-19 12:42 . 2012-08-04 05:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-19 12:42 . 2012-08-08 22:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-19 12:42 . 2012-08-04 05:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-19 12:42 . 2012-08-08 22:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-04 05:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 22:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-19 12:42 . 2012-08-09 16:21 5186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1051807519-3263120102-3672729157-1000_UserData.bin
+ 2012-08-09 16:19 . 2012-08-09 16:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-06 18:54 . 2012-08-06 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 16:19 . 2012-08-09 16:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-06 18:54 . 2012-08-06 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-08 00:23 . 2012-07-06 02:06 227760 c:\windows\SysWOW64\javaws.exe
+ 2012-08-08 00:23 . 2012-06-27 05:43 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-08-08 00:23 . 2012-06-27 05:43 174064 c:\windows\SysWOW64\java.exe
+ 2012-01-20 00:57 . 2012-08-07 06:07 235640 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-05-02 12:46 . 2012-08-09 09:07 249182 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-08-08 22:44 881590 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-08 22:44 199964 c:\windows\system32\perfc009.dat
- 2012-01-27 00:39 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
+ 2012-01-27 00:39 . 2012-01-31 09:59 279656 c:\windows\system32\MpSigStub.exe
+ 2012-03-21 00:44 . 2012-03-21 00:44 203888 c:\windows\system32\drivers\MpFilter.sys
- 2011-04-18 18:18 . 2012-03-21 00:44 203888 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 04:46 . 2012-08-06 18:59 143696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-11 18:54 . 2012-08-09 16:17 738128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-11 18:54 . 2012-08-06 18:38 738128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-08-09 16:17 470820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-06 18:53 470820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-08 00:23 . 2012-08-08 00:23 461312 c:\windows\Installer\509743d.msi
- 2012-05-01 07:00 . 2012-05-01 07:00 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-05-01 07:00 . 2012-08-06 20:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-05-01 07:00 . 2012-05-01 07:00 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-08-06 20:32 . 2012-08-06 20:32 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-05-01 07:00 . 2012-08-06 20:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-05-01 07:00 . 2012-05-01 07:00 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 07:00 . 2012-08-06 20:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-05-01 07:00 . 2012-05-01 07:00 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-05-01 07:00 . 2012-08-06 20:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-05-01 07:00 . 2012-05-01 07:00 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-06-27 17:23 . 2012-06-27 17:23 3123200 c:\windows\Installer\6e48a9b.msi
+ 2012-03-26 23:21 . 2012-03-26 23:21 7622656 c:\windows\Installer\57bb9c.msi
+ 2012-02-29 01:04 . 2012-08-09 16:17 30823348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1051807519-3263120102-3672729157-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Spotify"="c:\users\FAMILY\AppData\Roaming\Spotify\Spotify.exe" [2012-07-19 7601880]
"Spotify Web Helper"="c:\users\FAMILY\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-19 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"SAOB Monitor"="c:\program files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536440]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-08 5479424]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-18 2319536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-18 549040]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-7 12862]
Who Is On My Wifi.lnk - c:\program files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe [2012-8-2 369152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-01-19 1263200]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-27 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-19 3975088]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-16 277120]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-19 279136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-22 395752]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 06:41]
.
2012-08-09 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-27 03:03]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051807519-3263120102-3672729157-1000Core.job
- c:\users\FAMILY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 20:41]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051807519-3263120102-3672729157-1000UA.job
- c:\users\FAMILY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-08 390736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\ccj0u7z7.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d5,cb,55,6b,01,6f,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-09 14:20:26
ComboFix-quarantined-files.txt 2012-08-09 18:20
ComboFix2.txt 2012-08-06 19:02
.
Pre-Run: 42,466,275,328 bytes free
Post-Run: 42,527,596,544 bytes free
.
- - End Of File - - 088EBF8461B3523DD128D9A8A5CE9950

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 09 August 2012 - 03:00 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Java™ 7 Update 4
JavaFX 2.1.0


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 12 August 2012 - 12:11 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

#14 gringo_pr

Posted 15 August 2012 - 05:51 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 geeknurse

Posted 16 August 2012 - 03:08 PM

I'm on vacation for 3 days. Please allow me a few days. I will follow through on Sunday if that is ok with you. I appreciate ALL the help you have given me!!!!!

Warm Regards,
Paul



