problem boot windows 7 home64


  • This topic is locked
2 replies to this topic

#1 useche

Posted 24 October 2012 - 01:22 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012
Ran by SYSTEM at 24-10-2012 12:13:37
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKU\Ingrid Melo Amaral\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Ingrid Melo Amaral\...\Run: [wafofhupwocd] C:\Users\Ingrid Melo Amaral\wafofhupwocd.exe [86016 2012-10-02] (could Example)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1089608 2012-09-29] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B84134E9-4408-45FF-8B11-B218EA68763C}: [NameServer]0.0.0.0
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 OrolixDeviceMonitor; C:\Program Files (x86)\TIM Communicator\module\devicemon.exe [26528 2010-12-21] (Orolix Desenvolvimento de Software LTDA.)

==================== Drivers (Whitelisted) =====================

0 80329956; C:\Windows\System32\drivers\00666742.sys [208216 2012-10-23] (Kaspersky Lab, GERT)
0 857903c4dfd9da91; C:\Windows\System32\Drivers\857903c4dfd9da91.sys [71128 2012-10-11] () ATTENTION =====> Rootkit?
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-11-28] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [591192 2011-11-28] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [304472 2011-11-28] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58712 2011-11-28] (AVAST Software)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-17] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 ONDAusbmdm6k; C:\Windows\System32\Drivers\ONDAusbmdm6k.sys [119680 2011-01-24] (Onda Communication)
3 ONDAusbnmea; C:\Windows\System32\Drivers\ONDAusbnmea.sys [119680 2011-01-24] (Onda Communication)
3 ONDAusbser6k; C:\Windows\System32\Drivers\ONDAusbser6k.sys [119680 2011-01-24] (Onda Communication)
3 ONDAusbvoice; C:\Windows\System32\Drivers\ONDAusbvoice.sys [119680 2011-01-24] (Onda Communication)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 MSSQL$DDNI; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-24 05:38 - 2012-10-24 05:38 - 00000000 ____D C:\My Backups
2012-10-23 19:17 - 2012-10-23 19:17 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Roaming\Malwarebytes
2012-10-23 19:17 - 2012-10-23 19:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-23 19:17 - 2012-10-23 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 19:17 - 2012-09-29 16:24 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-23 19:16 - 2012-10-23 19:16 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\00666742.sys
2012-10-23 19:16 - 2012-10-23 19:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-22 12:54 - 2012-10-22 12:54 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-22 12:54 - 2012-10-22 12:54 - 00000000 ____D C:\Program Files\AVAST Software
2012-10-22 12:54 - 2012-08-21 01:13 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-22 12:54 - 2012-08-21 01:13 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-10-22 12:54 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-22 12:54 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-22 11:46 - 2012-10-22 11:46 - 00027401 ____A C:\ComboFix.txt
2012-10-22 10:02 - 2012-10-22 10:04 - 00442232 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-22 09:55 - 2012-10-22 09:55 - 00116216 ____A C:\Users\Ingrid Melo Amaral\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-22 08:49 - 2012-10-22 12:42 - 06260120 ____A (Symantec Corporation) C:\Users\Ingrid Melo Amaral\Downloads\NRnR.exe
2012-10-22 07:56 - 2012-10-22 08:48 - 00002257 ____A C:\Users\Ingrid Melo Amaral\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-22 07:56 - 2012-10-22 07:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-10-22 07:56 - 2011-07-20 10:28 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2012-10-22 07:15 - 2012-10-22 07:15 - 00000000 ____D C:\Users\Ingrid Melo Amaral\Documents\Symantec
2012-10-22 07:02 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-22 07:02 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-22 07:02 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-22 07:02 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-22 07:02 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-22 07:02 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-22 07:02 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-22 07:02 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-22 07:01 - 2012-10-22 11:46 - 00000000 ____D C:\Qoobox
2012-10-22 07:01 - 2012-10-22 07:12 - 00000000 ____D C:\Windows\erdnt
2012-10-22 06:52 - 2012-10-22 06:52 - 00001281 ____A C:\Users\Ingrid Melo Amaral\AppData\Local\PDLSetup.20121022.102238.txt
2012-10-22 06:44 - 2012-10-22 06:44 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{4F16D0AB-47E7-4B07-9D83-555FB10DF9D3}
2012-10-22 06:36 - 2012-10-22 06:36 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{60C2CF5F-AF80-4303-9EB8-09ECB0A2D4D1}
2012-10-22 06:26 - 2012-10-22 06:26 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{F3F3782B-712E-47D6-B7BD-1CEE4FA1987F}
2012-10-22 06:19 - 2012-10-22 06:21 - 00131072 ____A C:\Windows\ocsetup_uninstall_OEMHelpCustomization.etl
2012-10-22 06:19 - 2012-10-22 06:21 - 00028739 ____A C:\Windows\ocsetup_cbs_uninstall_OEMHelpCustomization.txt
2012-10-22 05:23 - 2012-10-22 05:23 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{0E5D7123-7A1E-4E3A-A305-9F9C236B5DB7}
2012-10-16 09:34 - 2012-10-16 09:34 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{88CA8BA3-2F75-4F0D-8A9A-F3C8F975836D}
2012-10-15 18:21 - 2012-10-15 18:21 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{456AA17B-2D84-44F4-ACC9-87791D073715}
2012-10-14 16:11 - 2012-10-14 16:11 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{A4F98E4F-E7CE-453B-871A-E321486EF1E4}
2012-10-14 15:36 - 2012-10-14 15:36 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{564ABDEF-B7D8-4A66-BC4A-BB9A5EE93762}
2012-10-12 16:22 - 2012-10-12 16:22 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{3C75A73A-F85D-46A4-9CE4-AF12A169DF5C}
2012-10-12 15:55 - 2012-10-12 15:55 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{95711588-B535-42E6-B4CD-6D6D46E532AB}
2012-10-12 15:20 - 2012-10-12 15:20 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{732BB7C7-1E21-4196-AA5D-54002F1B0E65}
2012-10-12 10:51 - 2012-10-12 10:51 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Roaming\Tific
2012-10-12 10:51 - 2012-10-12 10:51 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\Symantec
2012-10-12 10:46 - 2012-10-12 10:46 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{FC9130CA-9B44-4101-BDBD-D05E9A0689C8}
2012-10-11 15:49 - 2012-10-11 15:49 - 00071128 ____A C:\Windows\System32\Drivers\857903c4dfd9da91.sys
2012-10-11 15:40 - 2012-10-11 15:40 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Roaming\Mozilla
2012-10-11 15:38 - 2012-10-11 15:38 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{1CDE5972-63AD-4780-A64D-A22CAD2BA523}
2012-10-10 16:56 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 16:34 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 16:34 - 2012-09-14 10:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-10 16:34 - 2012-08-30 10:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 16:34 - 2012-08-30 09:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 16:34 - 2012-08-30 09:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 16:34 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 16:34 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-10 16:34 - 2012-08-18 07:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 16:34 - 2012-08-18 07:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-10 16:34 - 2012-08-18 07:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-10 16:34 - 2012-08-18 07:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 16:34 - 2012-08-18 07:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-10 16:34 - 2012-08-18 07:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 16:34 - 2012-08-18 07:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 16:34 - 2012-08-18 07:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 16:34 - 2012-08-18 07:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-10 16:34 - 2012-08-18 03:19 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-10 16:34 - 2012-08-18 03:17 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-10 16:34 - 2012-08-18 03:17 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-10 16:34 - 2012-08-18 03:17 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 01:12 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-10 16:34 - 2012-08-18 01:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-10 16:34 - 2012-08-18 01:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 01:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 01:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 16:34 - 2012-08-18 01:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 16:33 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 16:33 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-10 16:32 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 16:32 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 16:32 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 16:32 - 2012-06-01 20:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-10 16:32 - 2012-06-01 20:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-10 16:32 - 2012-06-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-10 15:55 - 2012-10-10 15:56 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{69F1EC4A-03D6-493B-B14F-1EEC8FC6BD0B}
2012-10-04 16:01 - 2012-10-04 16:01 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{E10D0E74-DF33-4A6E-B5CB-F898CCD14F7D}
2012-10-03 16:56 - 2012-10-03 16:56 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{9584A3F9-DF79-487E-9DB6-5B2338CD97F0}
2012-10-02 18:53 - 2012-10-02 18:53 - 00086016 ____A (could Example) C:\Users\Ingrid Melo Amaral\wafofhupwocd.exe
2012-10-02 13:26 - 2012-10-02 13:26 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{21621082-A354-4C20-A7A4-EAD5D3A56CF6}
2012-10-01 16:11 - 2012-10-01 16:12 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{8D98B000-24A0-4366-BF91-CA500D720AD3}
2012-09-30 18:12 - 2012-09-30 18:12 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{872ED19A-208E-4063-8D3F-CDF2A644197F}
2012-09-29 16:42 - 2012-09-29 16:42 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{CE6A9942-4D24-4020-A512-5DA4DEC51C03}
2012-09-29 04:41 - 2012-09-29 04:41 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{751AF15D-EF47-4C44-8E2D-ED24FEE605EA}
2012-09-28 16:06 - 2012-09-28 16:07 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{C2B0BB94-012E-4C7C-B7F0-640B0B7BEBB2}
2012-09-27 16:48 - 2012-09-27 16:48 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{CA77F094-8AEF-4522-B40A-7D897212AFFF}
2012-09-26 17:17 - 2012-09-26 17:17 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{7544E328-95C8-4D1E-8D00-E9C766240451}
2012-09-25 17:16 - 2012-09-25 17:16 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{20AB7F94-C487-4C04-ADBB-2DF2F62E6E9E}
2012-09-25 05:15 - 2012-09-25 05:16 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{7446A296-DD1B-4860-8819-13BACF7B666B}
2012-09-24 10:12 - 2012-09-24 10:12 - 00000000 ____D C:\Users\Ingrid Melo Amaral\AppData\Local\{1DEC086B-F193-4B41-B4CF-F2836ED63D1C}


==================== 3 Months Modified Files ==================

2012-10-23 20:46 - 2010-07-27 00:10 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-23 19:16 - 2012-10-23 19:16 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\00666742.sys
2012-10-23 19:16 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-23 19:12 - 2009-07-13 20:51 - 00148979 ____A C:\Windows\setupact.log
2012-10-23 17:47 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-23 17:47 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-23 17:38 - 2010-07-27 00:14 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2012-10-23 17:38 - 2010-07-27 00:10 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-23 17:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-22 13:20 - 2010-11-15 14:59 - 01413800 ____A C:\Windows\WindowsUpdate.log
2012-10-22 13:12 - 2010-07-27 00:16 - 01905292 ____A C:\Windows\PFRO.log
2012-10-22 12:54 - 2012-10-22 12:54 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-22 12:54 - 2011-02-20 09:43 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-10-22 12:42 - 2012-10-22 08:49 - 06260120 ____A (Symantec Corporation) C:\Users\Ingrid Melo Amaral\Downloads\NRnR.exe
2012-10-22 11:46 - 2012-10-22 11:46 - 00027401 ____A C:\ComboFix.txt
2012-10-22 11:42 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-10-22 10:04 - 2012-10-22 10:02 - 00442232 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-22 09:55 - 2012-10-22 09:55 - 00116216 ____A C:\Users\Ingrid Melo Amaral\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-22 08:48 - 2012-10-22 07:56 - 00002257 ____A C:\Users\Ingrid Melo Amaral\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-22 07:56 - 2012-10-22 07:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-10-22 06:52 - 2012-10-22 06:52 - 00001281 ____A C:\Users\Ingrid Melo Amaral\AppData\Local\PDLSetup.20121022.102238.txt
2012-10-22 06:50 - 2011-10-16 18:55 - 00006256 ____A C:\Users\All Users\hpzinstall.log
2012-10-22 06:21 - 2012-10-22 06:19 - 00131072 ____A C:\Windows\ocsetup_uninstall_OEMHelpCustomization.etl
2012-10-22 06:21 - 2012-10-22 06:19 - 00028739 ____A C:\Windows\ocsetup_cbs_uninstall_OEMHelpCustomization.txt
2012-10-11 15:49 - 2012-10-11 15:49 - 00071128 ____A C:\Windows\System32\Drivers\857903c4dfd9da91.sys
2012-10-10 19:56 - 2012-02-18 05:59 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-02 18:53 - 2012-10-02 18:53 - 00086016 ____A (could Example) C:\Users\Ingrid Melo Amaral\wafofhupwocd.exe
2012-09-29 16:24 - 2012-10-23 19:17 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-19 19:23 - 2012-09-19 19:18 - 107314254 ____A C:\Users\Ingrid Melo Amaral\Desktop\documento century 001.bmp
2012-09-17 08:18 - 2012-09-17 08:22 - 107314254 ____A C:\Users\Ingrid Melo Amaral\Desktop\001.bmp
2012-09-14 11:23 - 2012-10-10 16:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:30 - 2012-10-10 16:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-08-31 10:02 - 2012-10-10 16:56 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 15:22 - 2012-08-30 15:22 - 00602700 ____A C:\Windows\System32\s000001.dat
2012-08-30 14:53 - 2012-05-01 12:04 - 00000102 ____A C:\Windows\System32\sstates.sdt
2012-08-30 14:53 - 2012-05-01 12:04 - 00000040 ____A C:\Windows\System32\sstate_prev.sdt
2012-08-30 10:11 - 2012-10-10 16:34 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:18 - 2012-10-10 16:34 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:18 - 2012-10-10 16:34 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-10 16:34 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 10:05 - 2012-09-22 07:12 - 01501696 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 10:05 - 2012-09-22 07:12 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 10:05 - 2012-09-22 07:11 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 10:03 - 2012-09-22 07:12 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-24 10:02 - 2012-09-22 07:12 - 09375744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 10:02 - 2012-09-22 07:12 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 10:02 - 2012-09-22 07:11 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 10:02 - 2012-09-22 07:11 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-24 10:02 - 2012-09-22 07:11 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 10:02 - 2012-09-22 07:11 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-24 10:01 - 2012-09-22 07:12 - 12404736 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 10:01 - 2012-09-22 07:12 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 10:01 - 2012-09-22 07:12 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-24 10:01 - 2012-09-22 07:12 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 10:01 - 2012-09-22 07:11 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-24 09:59 - 2012-09-22 07:11 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-24 09:10 - 2012-10-10 16:34 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 09:10 - 2012-09-22 07:12 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 09:10 - 2012-09-22 07:12 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 09:10 - 2012-09-22 07:11 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 09:09 - 2012-09-22 07:12 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 09:09 - 2012-09-22 07:12 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 09:09 - 2012-09-22 07:12 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-08-24 09:09 - 2012-09-22 07:11 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 09:09 - 2012-09-22 07:11 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-24 09:08 - 2012-09-22 07:12 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 09:08 - 2012-09-22 07:12 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-24 09:08 - 2012-09-22 07:11 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 09:08 - 2012-09-22 07:11 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-24 09:08 - 2012-09-22 07:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 09:08 - 2012-09-22 07:11 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 09:08 - 2012-09-22 07:11 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-24 09:06 - 2012-09-22 07:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-24 08:45 - 2012-09-22 07:11 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-24 08:02 - 2012-09-22 07:11 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 08:01 - 2012-09-22 07:11 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-24 07:27 - 2012-09-22 07:11 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-21 19:15 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-21 01:13 - 2012-10-22 12:54 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-10-22 12:54 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:12 - 2012-10-22 12:54 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-10-22 12:54 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-21 01:12 - 2011-02-21 11:55 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-18 07:43 - 2012-10-10 16:34 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-18 07:43 - 2012-10-10 16:34 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-18 07:43 - 2012-10-10 16:34 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-18 07:42 - 2012-10-10 16:34 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-18 07:40 - 2012-10-10 16:34 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-18 07:37 - 2012-10-10 16:34 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-18 07:37 - 2012-10-10 16:34 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-18 07:34 - 2012-10-10 16:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-18 07:22 - 2012-10-10 16:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 07:22 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-18 03:22 - 2012-10-10 16:34 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-18 03:19 - 2012-10-10 16:34 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-18 03:17 - 2012-10-10 16:34 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-18 03:17 - 2012-10-10 16:34 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-18 03:17 - 2012-10-10 16:34 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 03:09 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-18 01:12 - 2012-10-10 16:34 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-18 01:12 - 2012-10-10 16:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-18 01:07 - 2012-10-10 16:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 01:07 - 2012-10-10 16:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 01:07 - 2012-10-10 16:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 01:07 - 2012-10-10 16:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 17:48 - 2012-08-15 17:38 - 00192334 ____A C:\Users\Ingrid Melo Amaral\Desktop\FICHA_MIEMBRO_LA_SALLISTA.xlsx
2012-08-10 16:53 - 2012-10-10 16:33 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:54 - 2012-10-10 16:33 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-02 09:55 - 2012-09-15 09:32 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:05 - 2012-09-15 09:32 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-29 11:48 - 2010-07-27 00:43 - 00072800 ____A C:\Windows\DirectX.log

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3758.1 MB
Available physical RAM: 3149.7 MB
Total Pagefile: 3756.25 MB
Available Pagefile: 3149.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:455.18 GB) (Free:231.29 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.48 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 100 MB 10 GB
Partition 3 Primary 455 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 455 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-10-22 09:30



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:39 AM

Posted 24 October 2012 - 06:41 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
HKU\Ingrid Melo Amaral\...\Run: [wafofhupwocd] C:\Users\Ingrid Melo Amaral\wafofhupwocd.exe [86016 2012-10-02] (could Example)
0 857903c4dfd9da91; C:\Windows\System32\Drivers\857903c4dfd9da91.sys [71128 2012-10-11] () ATTENTION =====> Rootkit?
C:\Windows\System32\Drivers\857903c4dfd9da91.sys
A (could Example) C:\Users\Ingrid Melo Amaral\wafofhupwocd.exe
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte


Posted 01 November 2012 - 08:41 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
