Windows 7 Cannot Perform Updates


  • This topic is locked
24 replies to this topic

#1 yankmansg

yankmansg

  • Members
  • 84 posts
  • OFFLINE
  • Local time:09:48 PM

Posted 26 October 2012 - 03:53 PM

Hello. I actually have another post that is being worked on for another laptop. This is totally unrelated. I have a Dell laptop which I noticed that I could not perform a Microsoft Security Essentials update today. Upon further analysis I found that I couldn't do any Windows Updates either. It says that the service is not turned on. I ran a MalwareBytes scan and it found and removed one trojan. I also ran Eset and it also found and removed another trojan. I rebooted and still can't do any updates. I removed MSE. Not sure what else I should do? Thanks.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,490 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 28 October 2012 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


Please post the logs for my review and wait for further instructions.
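Whoever reviews a pasted TDSSKiller report mainly needs the entries that are not "ok", plus a check that the paste is complete. The following is an added example, not part of the original post and not a vendor tool: it parses the report's service-scan section. The sample lines are constructed in the report's layout, and the `ExampleSvc` entry and its `warning` verdict wording are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every report line starts with "<HH:MM:SS.ffff> <thread id> ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(?P<body>.*)$")
# Section banner, e.g. "================ Scan services ==========".
SECTION = re.compile(r"^=+ (?P<title>.+?) =+$")
# "[ <MD5> ] <service name> <image path>"; names and paths may contain spaces,
# so the split point is the first " <drive letter>:\".
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "<service name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>\S.*)$")

# Constructed sample. The ExampleSvc lines (all-zero hash, "warning" verdict)
# are hypothetical; the wording of non-ok verdicts is an assumption, so the
# parser surfaces anything that is not exactly "ok".
SAMPLE_LOG = r"""
20:56:21.0671 1340 ================ Scan system memory ========================
20:56:21.0671 1340 System memory - ok
20:56:21.0671 1340 ================ Scan services =============================
20:56:22.0155 1340 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
20:56:22.0170 1340 ACPI - ok
20:56:25.0134 1340 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:56:25.0134 1340 Apple Mobile Device - ok
20:56:29.0346 1340 COMSysApp - ok
20:56:30.0000 1340 [ 00000000000000000000000000000000 ] ExampleSvc C:\windows\system32\drivers\example.sys
20:56:30.0010 1340 ExampleSvc - warning
20:56:35.0696 1340 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
"""


@dataclass
class Service:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text):
    """Return (services, unfinished) for the "Scan services" section.

    services   -- one Service per verdict line
    unfinished -- names that had a hash line but no verdict line, which is
                  what a paste cut off mid-scan looks like
    """
    section = None
    pending = {}  # name -> (md5, path), waiting for the verdict line
    services = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        banner = SECTION.match(body)
        if banner:
            section = banner.group("title")
            continue
        if section != "Scan services":
            continue
        hashed = HASHED.match(body)
        if hashed:
            pending[hashed.group("name")] = (
                hashed.group("md5").upper(),
                hashed.group("path"),
            )
            continue
        verdict = VERDICT.match(body)
        if verdict:
            md5, path = pending.pop(verdict.group("name"), (None, None))
            services.append(
                Service(verdict.group("name"), verdict.group("verdict"), md5, path)
            )
    return services, sorted(pending)


def triage(log_text):
    """Summarise what a reviewer should look at first."""
    services, unfinished = parse_services(log_text)
    return {
        "total": len(services),
        "not_ok": [s.name for s in services if s.verdict.lower() != "ok"],
        "no_hash_line": [s.name for s in services if s.md5 is None],
        "unfinished": unfinished,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An entry under `unfinished` means the report ended before that service's verdict was written, so the poster should be asked for the complete file.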

#3 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:09:48 PM

Posted 28 October 2012 - 06:22 PM

Thank you for the reply. I was able to resolve my issue. Thanks anyway.

#4 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:09:48 PM

Posted 28 October 2012 - 07:53 PM

Well, I guess I take it back. The issue is not resolved. Although Windows Firewall is now on I still cannot perform updates to Windows or Windows Essentials. I will proceed with your directions and post the results. Thanks.

#5 yankmansg

yankmansg
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:09:48 PM

Posted 28 October 2012 - 10:05 PM

20:56:03.0934 4988 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:56:04.0277 4988 ============================================================
20:56:04.0277 4988 Current date / time: 2012/10/28 20:56:04.0277
20:56:04.0277 4988 SystemInfo:
20:56:04.0277 4988
20:56:04.0277 4988 OS Version: 6.1.7601 ServicePack: 1.0
20:56:04.0277 4988 Product type: Workstation
20:56:04.0277 4988 ComputerName: D4N1OCK52
20:56:04.0277 4988 UserName: Sam
20:56:04.0277 4988 Windows directory: C:\windows
20:56:04.0277 4988 System windows directory: C:\windows
20:56:04.0277 4988 Running under WOW64
20:56:04.0277 4988 Processor architecture: Intel x64
20:56:04.0277 4988 Number of processors: 4
20:56:04.0277 4988 Page size: 0x1000
20:56:04.0277 4988 Boot type: Normal boot
20:56:04.0277 4988 ============================================================
20:56:07.0366 4988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:56:07.0382 4988 ============================================================
20:56:07.0382 4988 \Device\Harddisk0\DR0:
20:56:07.0382 4988 MBR partitions:
20:56:07.0382 4988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x800, BlocksNum 0x32000
20:56:07.0382 4988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1B4F806
20:56:07.0382 4988 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
20:56:07.0382 4988 ============================================================
20:56:07.0397 4988 C: <-> \Device\Harddisk0\DR0\Partition3
20:56:07.0444 4988 D: <-> \Device\Harddisk0\DR0\Partition2
20:56:07.0444 4988 ============================================================
20:56:07.0444 4988 Initialize success
20:56:07.0444 4988 ============================================================
20:56:20.0673 1340 ============================================================
20:56:20.0673 1340 Scan started
20:56:20.0673 1340 Mode: Manual;
20:56:20.0673 1340 ============================================================
20:56:21.0671 1340 ================ Scan system memory ========================
20:56:21.0671 1340 System memory - ok
20:56:35.0696 1340 MegaSR - ok
20:56:35.0742 1340 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
20:56:35.0742 1340 MEIx64 - ok
20:56:35.0774 1340 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:56:35.0789 1340 MMCSS - ok
20:56:35.0789 1340 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:56:35.0805 1340 Modem - ok
20:56:35.0820 1340 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:56:35.0820 1340 monitor - ok
20:56:35.0836 1340 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
20:56:35.0836 1340 mouclass - ok
20:56:35.0867 1340 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:56:35.0867 1340 mouhid - ok
20:56:35.0867 1340 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:56:35.0867 1340 mountmgr - ok
20:56:35.0914 1340 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
20:56:35.0930 1340 MpFilter - ok
20:56:35.0945 1340 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
20:56:35.0961 1340 mpio - ok
20:56:35.0961 1340 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:56:35.0976 1340 mpsdrv - ok
20:56:36.0023 1340 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
20:56:36.0086 1340 MpsSvc - ok
20:56:36.0101 1340 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:56:36.0117 1340 MRxDAV - ok
20:56:36.0148 1340 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:56:36.0210 1340 mrxsmb - ok
20:56:36.0226 1340 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:56:36.0288 1340 mrxsmb10 - ok
20:56:36.0304 1340 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:56:36.0335 1340 mrxsmb20 - ok
20:56:36.0366 1340 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
20:56:36.0366 1340 msahci - ok
20:56:36.0398 1340 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
20:56:36.0398 1340 msdsm - ok
20:56:36.0413 1340 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:56:36.0460 1340 MSDTC - ok
20:56:36.0491 1340 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:56:36.0491 1340 Msfs - ok
20:56:36.0538 1340 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:56:36.0554 1340 mshidkmdf - ok
20:56:36.0569 1340 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
20:56:36.0569 1340 msisadrv - ok
20:56:36.0585 1340 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:56:36.0632 1340 MSiSCSI - ok
20:56:36.0632 1340 msiserver - ok
20:56:36.0678 1340 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:56:36.0678 1340 MSKSSRV - ok
20:56:36.0741 1340 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:56:36.0741 1340 MsMpSvc - ok
20:56:36.0756 1340 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:56:36.0788 1340 MSPCLOCK - ok
20:56:36.0819 1340 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:56:36.0834 1340 MSPQM - ok
20:56:36.0866 1340 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:56:36.0866 1340 MsRPC - ok
20:56:36.0881 1340 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:56:36.0881 1340 mssmbios - ok
20:56:36.0897 1340 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:56:36.0912 1340 MSTEE - ok
20:56:36.0944 1340 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
20:56:36.0944 1340 MTConfig - ok
20:56:36.0959 1340 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:56:36.0959 1340 Mup - ok
20:56:37.0006 1340 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:56:37.0006 1340 MyWiFiDHCPDNS - ok
20:56:37.0037 1340 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:56:37.0068 1340 napagent - ok
20:56:37.0100 1340 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:56:37.0146 1340 NativeWifiP - ok
20:56:37.0240 1340 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
20:56:37.0256 1340 NAUpdate - ok
20:56:37.0318 1340 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\windows\system32\drivers\ndis.sys
20:56:37.0349 1340 NDIS - ok
20:56:37.0365 1340 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:56:37.0380 1340 NdisCap - ok
20:56:37.0396 1340 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:56:37.0427 1340 NdisTapi - ok
20:56:37.0443 1340 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:56:37.0458 1340 Ndisuio - ok
20:56:37.0474 1340 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:56:37.0505 1340 NdisWan - ok
20:56:37.0521 1340 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:56:37.0536 1340 NDProxy - ok
20:56:37.0552 1340 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:56:37.0552 1340 NetBIOS - ok
20:56:37.0583 1340 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:56:37.0614 1340 NetBT - ok
20:56:37.0630 1340 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:56:37.0630 1340 Netlogon - ok
20:56:37.0677 1340 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:56:37.0692 1340 Netman - ok
20:56:37.0739 1340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:37.0739 1340 NetMsmqActivator - ok
20:56:37.0755 1340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:37.0755 1340 NetPipeActivator - ok
20:56:37.0786 1340 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:56:37.0786 1340 netprofm - ok
20:56:37.0786 1340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:37.0786 1340 NetTcpActivator - ok
20:56:37.0802 1340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:37.0802 1340 NetTcpPortSharing - ok
20:56:37.0989 1340 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
20:56:38.0160 1340 NETwNs64 - ok
20:56:38.0192 1340 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
20:56:38.0192 1340 nfrd960 - ok
20:56:38.0254 1340 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
20:56:38.0254 1340 NisDrv - ok
20:56:38.0285 1340 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:56:38.0285 1340 NisSrv - ok
20:56:38.0379 1340 [ 0734398D3D99986BB8006E9BB5EAB1E5 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
20:56:38.0379 1340 NitroReaderDriverReadSpool2 - ok
20:56:38.0426 1340 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
20:56:38.0472 1340 NlaSvc - ok
20:56:38.0613 1340 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
20:56:38.0691 1340 NOBU - ok
20:56:38.0691 1340 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:56:38.0706 1340 Npfs - ok
20:56:38.0722 1340 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:56:38.0753 1340 nsi - ok
20:56:38.0784 1340 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:56:38.0800 1340 nsiproxy - ok
20:56:38.0862 1340 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:56:38.0940 1340 Ntfs - ok
20:56:38.0972 1340 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:56:38.0987 1340 Null - ok
20:56:39.0050 1340 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
20:56:39.0050 1340 nusb3hub - ok
20:56:39.0096 1340 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
20:56:39.0096 1340 nusb3xhc - ok
20:56:39.0143 1340 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
20:56:39.0143 1340 nvraid - ok
20:56:39.0174 1340 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
20:56:39.0174 1340 nvstor - ok
20:56:39.0206 1340 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:56:39.0206 1340 nv_agp - ok
20:56:39.0221 1340 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:56:39.0237 1340 ohci1394 - ok
20:56:39.0299 1340 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:56:39.0299 1340 ose - ok
20:56:39.0455 1340 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:56:39.0564 1340 osppsvc - ok
20:56:39.0596 1340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:56:39.0611 1340 p2pimsvc - ok
20:56:39.0627 1340 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:56:39.0642 1340 p2psvc - ok
20:56:39.0674 1340 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
20:56:39.0674 1340 Parport - ok
20:56:39.0705 1340 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:56:39.0705 1340 partmgr - ok
20:56:39.0736 1340 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:56:39.0767 1340 PcaSvc - ok
20:56:39.0783 1340 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:56:39.0783 1340 pci - ok
20:56:39.0798 1340 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
20:56:39.0798 1340 pciide - ok
20:56:39.0798 1340 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
20:56:39.0814 1340 pcmcia - ok
20:56:39.0814 1340 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:56:39.0830 1340 pcw - ok
20:56:39.0861 1340 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:56:39.0892 1340 PEAUTH - ok
20:56:39.0970 1340 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:56:40.0001 1340 PerfHost - ok
20:56:40.0064 1340 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:56:40.0220 1340 pla - ok
20:56:40.0282 1340 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:56:40.0329 1340 PlugPlay - ok
20:56:40.0344 1340 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:56:40.0376 1340 PNRPAutoReg - ok
20:56:40.0407 1340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:56:40.0407 1340 PNRPsvc - ok
20:56:40.0516 1340 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:56:40.0563 1340 PolicyAgent - ok
20:56:40.0703 1340 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
20:56:40.0734 1340 Power - ok
20:56:40.0781 1340 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:56:40.0797 1340 PptpMiniport - ok
20:56:40.0812 1340 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
20:56:40.0812 1340 Processor - ok
20:56:40.0844 1340 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
20:56:40.0890 1340 ProfSvc - ok
20:56:40.0890 1340 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
20:56:40.0890 1340 ProtectedStorage - ok
20:56:40.0937 1340 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:56:40.0968 1340 Psched - ok
20:56:41.0031 1340 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
20:56:41.0031 1340 PxHlpa64 - ok
20:56:41.0078 1340 [ 4080E220EB20D87AE74D12570B8A8027 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
20:56:41.0093 1340 QBCFMonitorService - ok
20:56:41.0124 1340 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
20:56:41.0156 1340 QBFCService - ok
20:56:41.0280 1340 [ 97B62DD56A7920E843F4D2B74DE5B034 ] QBPOSDBServiceV7 C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe
20:56:41.0312 1340 QBPOSDBServiceV7 - ok
20:56:41.0358 1340 [ 8F5B666C7035DEEB6D945F4E4647C96A ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
20:56:41.0468 1340 QBVSS - ok
20:56:41.0546 1340 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
20:56:41.0592 1340 ql2300 - ok
20:56:41.0624 1340 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
20:56:41.0624 1340 ql40xx - ok
20:56:41.0670 1340 QuickBooksDB22 - ok
20:56:41.0702 1340 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
20:56:41.0764 1340 QWAVE - ok
20:56:41.0795 1340 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:56:41.0811 1340 QWAVEdrv - ok
20:56:41.0826 1340 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:56:41.0842 1340 RasAcd - ok
20:56:41.0873 1340 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
20:56:41.0904 1340 RasAgileVpn - ok
20:56:41.0904 1340 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
20:56:41.0936 1340 RasAuto - ok
20:56:41.0951 1340 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
20:56:41.0998 1340 Rasl2tp - ok
20:56:42.0045 1340 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
20:56:42.0107 1340 RasMan - ok
20:56:42.0107 1340 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
20:56:42.0138 1340 RasPppoe - ok
20:56:42.0154 1340 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
20:56:42.0185 1340 RasSstp - ok
20:56:42.0201 1340 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
20:56:42.0232 1340 rdbss - ok
20:56:42.0263 1340 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
20:56:42.0263 1340 rdpbus - ok
20:56:42.0279 1340 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
20:56:42.0294 1340 RDPCDD - ok
20:56:42.0310 1340 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
20:56:42.0326 1340 RDPENCDD - ok
20:56:42.0341 1340 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
20:56:42.0357 1340 RDPREFMP - ok
20:56:42.0388 1340 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
20:56:42.0435 1340 RDPWD - ok
20:56:42.0466 1340 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
20:56:42.0466 1340 rdyboost - ok
20:56:42.0544 1340 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:56:42.0575 1340 RegSrvc - ok
20:56:42.0606 1340 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
20:56:42.0653 1340 RemoteAccess - ok
20:56:42.0684 1340 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
20:56:42.0731 1340 RemoteRegistry - ok
20:56:42.0762 1340 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
20:56:42.0778 1340 RFCOMM - ok
20:56:42.0809 1340 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
20:56:42.0809 1340 RimUsb - ok
20:56:42.0872 1340 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
20:56:42.0872 1340 RimVSerPort - ok
20:56:42.0903 1340 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
20:56:42.0934 1340 ROOTMODEM - ok
20:56:43.0074 1340 [ 053A0D66B1982D93A20062E4DA40B29B ] RoxMediaDB13 C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
20:56:43.0106 1340 RoxMediaDB13 - ok
20:56:43.0137 1340 [ 495C85B15470374A9499451893742EE6 ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
20:56:43.0152 1340 RoxWatch12 - ok
20:56:43.0168 1340 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
20:56:43.0199 1340 RpcEptMapper - ok
20:56:43.0230 1340 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
20:56:43.0262 1340 RpcLocator - ok
20:56:43.0277 1340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
20:56:43.0277 1340 RpcSs - ok
20:56:43.0308 1340 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
20:56:43.0340 1340 rspndr - ok
20:56:43.0386 1340 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
20:56:43.0402 1340 RSUSBSTOR - ok
20:56:43.0433 1340 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
20:56:43.0449 1340 RTL8167 - ok
20:56:43.0496 1340 [ 27DB9153D259D632D15483DEEAB799ED ] Sahdad64 C:\windows\system32\Drivers\Sahdad64.sys
20:56:43.0496 1340 Sahdad64 - ok
20:56:43.0542 1340 [ F77849D909B90BCACFCF7295AECF299B ] Saibad64 C:\windows\system32\Drivers\Saibad64.sys
20:56:43.0542 1340 Saibad64 - ok
20:56:43.0574 1340 [ 704D415290A568F68DE20942DAC23F7E ] SaibVdAd64 C:\windows\system32\Drivers\SaibVdAd64.sys
20:56:43.0574 1340 SaibVdAd64 - ok
20:56:43.0605 1340 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
20:56:43.0605 1340 SamSs - ok
20:56:43.0698 1340 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:56:43.0698 1340 SASDIFSV - ok
20:56:43.0714 1340 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:56:43.0714 1340 SASKUTIL - ok
20:56:43.0745 1340 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
20:56:43.0745 1340 sbp2port - ok
20:56:43.0761 1340 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
20:56:43.0808 1340 SCardSvr - ok
20:56:43.0823 1340 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
20:56:43.0823 1340 scfilter - ok
20:56:43.0870 1340 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
20:56:43.0917 1340 Schedule - ok
20:56:43.0948 1340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
20:56:43.0948 1340 SCPolicySvc - ok
20:56:43.0979 1340 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
20:56:44.0026 1340 SDRSVC - ok
20:56:44.0073 1340 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
20:56:44.0073 1340 secdrv - ok
20:56:44.0088 1340 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
20:56:44.0120 1340 seclogon - ok
20:56:44.0135 1340 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
20:56:44.0151 1340 SENS - ok
20:56:44.0166 1340 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
20:56:44.0182 1340 SensrSvc - ok
20:56:44.0198 1340 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
20:56:44.0198 1340 Serenum - ok
20:56:44.0244 1340 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
20:56:44.0244 1340 Serial - ok
20:56:44.0276 1340 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
20:56:44.0276 1340 sermouse - ok
20:56:44.0307 1340 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
20:56:44.0338 1340 SessionEnv - ok
20:56:44.0338 1340 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
20:56:44.0338 1340 sffdisk - ok
20:56:44.0354 1340 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
20:56:44.0354 1340 sffp_mmc - ok
20:56:44.0369 1340 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
20:56:44.0369 1340 sffp_sd - ok
20:56:44.0385 1340 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
20:56:44.0385 1340 sfloppy - ok
20:56:44.0447 1340 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
20:56:44.0463 1340 Sftfs - ok
20:56:44.0525 1340 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:56:44.0541 1340 sftlist - ok
20:56:44.0556 1340 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
20:56:44.0572 1340 Sftplay - ok
20:56:44.0572 1340 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
20:56:44.0572 1340 Sftredir - ok
20:56:44.0681 1340 [ 1968E6EBBEECF61D5F7D8603467E2AD0 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:56:44.0759 1340 SftService - ok
20:56:44.0790 1340 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
20:56:44.0790 1340 Sftvol - ok
20:56:44.0806 1340 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:56:44.0822 1340 sftvsa - ok
20:56:44.0868 1340 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
20:56:44.0915 1340 SharedAccess - ok
20:56:44.0946 1340 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:56:45.0009 1340 ShellHWDetection - ok
20:56:45.0040 1340 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
20:56:45.0040 1340 SiSRaid2 - ok
20:56:45.0056 1340 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
20:56:45.0071 1340 SiSRaid4 - ok
20:56:45.0102 1340 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
20:56:45.0134 1340 Smb - ok
20:56:45.0180 1340 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
20:56:45.0212 1340 SNMPTRAP - ok
20:56:45.0212 1340 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
20:56:45.0212 1340 spldr - ok
20:56:45.0243 1340 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
20:56:45.0290 1340 Spooler - ok
20:56:45.0383 1340 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
20:56:45.0477 1340 sppsvc - ok
20:56:45.0492 1340 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
20:56:45.0508 1340 sppuinotify - ok
20:56:45.0539 1340 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
20:56:45.0570 1340 srv - ok
20:56:45.0586 1340 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
20:56:45.0617 1340 srv2 - ok
20:56:45.0633 1340 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
20:56:45.0664 1340 srvnet - ok
20:56:45.0695 1340 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
20:56:45.0695 1340 SSDPSRV - ok
20:56:45.0711 1340 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
20:56:45.0820 1340 SstpSvc - ok
20:56:46.0023 1340 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
20:56:46.0085 1340 STacSV - ok
20:56:46.0101 1340 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
20:56:46.0101 1340 stexstor - ok
20:56:46.0163 1340 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
20:56:46.0179 1340 STHDA - ok
20:56:46.0226 1340 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
20:56:46.0272 1340 stisvc - ok
20:56:46.0288 1340 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
20:56:46.0288 1340 swenum - ok
20:56:46.0319 1340 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
20:56:46.0382 1340 swprv - ok
20:56:46.0444 1340 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
20:56:46.0475 1340 SysMain - ok
20:56:46.0506 1340 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
20:56:46.0522 1340 TabletInputService - ok
20:56:46.0538 1340 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
20:56:46.0600 1340 TapiSrv - ok
20:56:46.0616 1340 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
20:56:46.0631 1340 TBS - ok
20:56:46.0740 1340 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
20:56:46.0803 1340 Tcpip - ok
20:56:46.0818 1340 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
20:56:46.0834 1340 TCPIP6 - ok
20:56:46.0865 1340 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
20:56:46.0881 1340 tcpipreg - ok
20:56:46.0912 1340 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
20:56:46.0912 1340 TDPIPE - ok
20:56:46.0943 1340 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
20:56:46.0959 1340 TDTCP - ok
20:56:46.0974 1340 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
20:56:46.0990 1340 tdx - ok
20:56:47.0130 1340 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:56:47.0193 1340 TeamViewer7 - ok
20:56:47.0224 1340 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
20:56:47.0224 1340 TermDD - ok
20:56:47.0255 1340 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
20:56:47.0318 1340 TermService - ok
20:56:47.0333 1340 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
20:56:47.0349 1340 Themes - ok
20:56:47.0396 1340 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
20:56:47.0396 1340 THREADORDER - ok
20:56:47.0411 1340 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
20:56:47.0458 1340 TrkWks - ok
20:56:47.0505 1340 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:56:47.0567 1340 TrustedInstaller - ok
20:56:47.0583 1340 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
20:56:47.0598 1340 tssecsrv - ok
20:56:47.0614 1340 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
20:56:47.0645 1340 TsUsbFlt - ok
20:56:47.0676 1340 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
20:56:47.0676 1340 TsUsbGD - ok
20:56:51.0920 1340 ================ Scan global ===============================
20:56:51.0951 1340 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:56:51.0998 1340 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:56:52.0060 1340 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:56:52.0076 1340 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:56:52.0154 1340 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:56:52.0200 1340 [Global] - ok
20:56:52.0200 1340 ================ Scan MBR ==================================
20:56:52.0216 1340 [ F1BC9A487FAD21118DA4D5B596310BA4 ] \Device\Harddisk0\DR0
20:56:52.0528 1340 \Device\Harddisk0\DR0 - ok
20:56:52.0528 1340 ================ Scan VBR ==================================
20:56:52.0544 1340 [ 398B04CE84F1BC25A38B17838B34B576 ] \Device\Harddisk0\DR0\Partition1
20:56:52.0544 1340 \Device\Harddisk0\DR0\Partition1 - ok
20:56:52.0559 1340 [ 7C56195D6B62721315EB0286B2DEB754 ] \Device\Harddisk0\DR0\Partition2
20:56:52.0559 1340 \Device\Harddisk0\DR0\Partition2 - ok
20:56:52.0559 1340 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition3
20:56:52.0559 1340 \Device\Harddisk0\DR0\Partition3 - ok
20:56:52.0559 1340 ============================================================
20:56:52.0559 1340 Scan finished
20:56:52.0559 1340 ============================================================
20:56:52.0575 3660 Detected object count: 0
20:56:52.0575 3660 Actual detected object count: 0
21:01:53.0702 1864 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-28 21:04:45
-----------------------------
21:04:45.685 OS Version: Windows x64 6.1.7601 Service Pack 1
21:04:45.685 Number of processors: 4 586 0x2A07
21:04:45.701 ComputerName: D4N1OCK52 UserName: Sam
21:04:46.855 Initialize success
21:06:29.031 AVAST engine defs: 12102801
21:06:49.467 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:06:49.467 Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3
21:06:49.483 Disk 0 MBR read successfully
21:06:49.483 Disk 0 MBR scan
21:06:49.498 Disk 0 unknown MBR code
21:06:49.498 Disk 0 Partition 1 00 06 FAT16 Dell 8.0 100 MB offset 2048
21:06:49.530 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13983 MB offset 206848
21:06:49.561 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
21:06:49.639 Disk 0 scanning C:\windows\system32\drivers
21:07:03.944 Service scanning
21:07:47.406 Modules scanning
21:07:47.406 Disk 0 trace - called modules:
21:07:47.452 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys iaStor.sys hal.dll
21:07:47.967 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004745060]
21:07:47.967 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800437ea20]
21:07:47.983 5 Sahdad64.sys[fffff88001b99e25] -> nt!IofCallDriver -> [0xfffffa8004110200]
21:07:47.998 7 ACPI.sys[fffff88000f8a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004116050]
21:07:49.652 AVAST engine scan C:\windows
21:07:54.036 AVAST engine scan C:\windows\system32
21:13:14.928 AVAST engine scan C:\windows\system32\drivers
21:13:32.431 AVAST engine scan C:\Users\Sam
21:33:21.353 Disk 0 MBR has been saved successfully to "C:\Users\Sam\Desktop\MBR.dat"
21:33:21.368 The log file has been saved successfully to "C:\Users\Sam\Desktop\aswMBR.txt"
21:45:20.796 File: C:\Users\Sam\Desktop\UNCLE LEO NEW\OTL.exe **INFECTED** Win32:Rootkit-gen [Rtk]
22:10:47.633 AVAST engine scan C:\ProgramData
22:41:13.039 Scan finished successfully
22:46:38.347 Disk 0 MBR has been saved successfully to "C:\Users\Sam\Desktop\MBR.dat"
22:46:38.378 The log file has been saved successfully to "C:\Users\Sam\Desktop\aswMBR.txt"


DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Sam at 22:52:28 on 2012-10-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.1808 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Users\Sam\Desktop\aswMBR.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uSearch Bar = Preserve
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{36F1FBFF-0972-470B-B432-AB8079472658} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\0527F6 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BF6FE90D-67F8-475A-93A4-1574B7FEADC9}\E45747 : DHCPNameServer = 10.1.10.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-12-27 55856]
R0 Sahdad64;HDD Filter Driver;C:\windows\System32\drivers\Sahdad64.sys [2011-12-27 27120]
R0 Saibad64;Volume Filter Driver;C:\windows\System32\drivers\Saibad64.sys [2011-12-27 19952]
R1 SaibVdAd64;Virtual Disk Driver;C:\windows\System32\drivers\SaibVdAd64.sys [2011-12-27 27632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 cbfs3;EldoS Callback File System driver v3;C:\windows\System32\drivers\cbfs3.sys [2012-10-15 352144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-9-28 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-28 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-3-24 25496]
R3 MEIx64;Intel® Management Engine Interface ;C:\windows\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETwNs64.sys [2011-8-3 8604672]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB22 [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S1 pweofvqp;pweofvqp;C:\windows\System32\drivers\pweofvqp.sys [2012-10-28 49872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
S3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-3-24 34200]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-9-28 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 1026432]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-28 89600]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
S4 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-31 39408]
S4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-20 136176]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-28 13336]
S4 Intuit Entitlement Service v5;Intuit Entitlement Service v5;C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2007-6-20 20480]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
S4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-6-21 341296]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 QBPOSDBServiceV7;QBPOS Database Manager v7;C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe [2007-9-13 2613072]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-2 1248256]
S4 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-28 1692480]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-9 2666880]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-28 2655768]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-29 01:11:31 49872 ----a-w- C:\windows\System32\drivers\pweofvqp.sys
2012-10-29 01:11:22 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{773C246C-8A05-45F4-A14F-BBA4FC153453}\offreg.dll
2012-10-27 21:11:51 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FEF887F-CCF5-40A6-BE12-D0C5F794DCA6}\gapaengine.dll
2012-10-27 21:11:35 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{773C246C-8A05-45F4-A14F-BBA4FC153453}\mpengine.dll
2012-10-27 21:10:06 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-27 21:07:04 -------- d-----w- C:\windows\SysWow64\wbem\Performance
2012-10-27 21:05:38 303616 ----a-w- C:\SetACL.exe
2012-10-27 20:52:36 290304 ----a-w- C:\subinacl.exe
2012-10-27 20:49:33 -------- d-----w- C:\RegBackup
2012-10-27 20:23:49 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-27 20:23:19 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-10-26 21:05:52 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-26 21:05:50 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-26 18:49:46 -------- d-----w- C:\Users\Sam\AppData\Roaming\SUPERAntiSpyware.com
2012-10-26 18:49:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-26 18:49:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-26 11:26:21 -------- d-----w- C:\Users\Sam\AppData\Local\{02C73F55-5A04-434C-A9BF-441172A4900F}
2012-10-25 11:35:22 -------- d-----w- C:\Users\Sam\AppData\Local\{64BBB636-3850-4006-8DAB-5D360ACEBB9F}
2012-10-24 14:50:21 -------- d-----w- C:\Users\Sam\AppData\Local\{3B89BC27-0E57-4971-94D2-4D19FD1B0BA6}
2012-10-24 02:49:57 -------- d-----w- C:\Users\Sam\AppData\Local\{2B0E97A0-577A-487B-B9C5-69334AED9373}
2012-10-23 14:49:32 -------- d-----w- C:\Users\Sam\AppData\Local\{B9FB42A3-40D3-408F-AEC6-BF3AABCB24F5}
2012-10-23 02:49:08 -------- d-----w- C:\Users\Sam\AppData\Local\{2DF27812-9797-4752-9BDB-2B0F11EE6643}
2012-10-22 12:00:38 -------- d-----w- C:\Users\Sam\AppData\Local\{D2704D23-6647-4146-9EBB-6C2E5AC86054}
2012-10-21 16:32:18 -------- d-----w- C:\Users\Sam\AppData\Local\{1B03001E-DBE9-44CE-B26A-103ED53B13BC}
2012-10-21 04:31:54 -------- d-----w- C:\Users\Sam\AppData\Local\{40F431F6-040A-45C3-9CA8-1FB76B962FAB}
2012-10-20 14:28:47 -------- d-----w- C:\Users\Sam\AppData\Local\{D23CAA9D-5BDE-46FE-8E10-D126F5BC5132}
2012-10-20 02:23:48 -------- d-----w- C:\Users\Sam\AppData\Local\{5FF40DD1-7504-43CD-9621-CC9D0E2BE0C6}
2012-10-19 14:23:23 -------- d-----w- C:\Users\Sam\AppData\Local\{D258F293-677D-4FD3-A110-FD7E5EB17EFD}
2012-10-19 02:12:09 -------- d-----w- C:\Users\Sam\AppData\Local\{F7391E3B-9A97-4117-A016-946BE26E3355}
2012-10-18 13:49:30 -------- d-----w- C:\Users\Sam\AppData\Local\{10F8BA38-CB9C-4761-BDD3-2FBCB5E0387D}
2012-10-18 01:49:06 -------- d-----w- C:\Users\Sam\AppData\Local\{3FAF999C-4DBB-42F4-B48A-B4CBB827284B}
2012-10-17 13:48:41 -------- d-----w- C:\Users\Sam\AppData\Local\{CDECB31A-2436-4EF0-88C0-159C717603CD}
2012-10-17 00:40:52 -------- d-----w- C:\Users\Sam\AppData\Local\{37626FBF-38E4-4BBA-B651-3762D3A33E87}
2012-10-16 11:30:44 -------- d-----w- C:\Users\Sam\AppData\Local\{D3D54B35-6460-4C1C-9270-4A78C067FF61}
2012-10-15 23:28:04 -------- d-----w- C:\Users\Sam\AppData\Local\{3A8A57AC-4829-4749-96AB-7A3B76CFDD78}
2012-10-15 20:08:39 -------- d-----w- C:\Users\Sam\AppData\Local\Macroplant_LLC
2012-10-15 20:08:14 190480 ----a-w- C:\windows\System32\CbFsMntNtf3.dll
2012-10-15 20:08:13 223760 ----a-w- C:\windows\SysWow64\CbFsNetRdr3.dll
2012-10-15 20:08:13 158224 ----a-w- C:\windows\SysWow64\CbFsMntNtf3.dll
2012-10-15 20:08:13 141328 ----a-w- C:\windows\System32\CbFsNetRdr3.dll
2012-10-15 20:07:24 352144 ----a-w- C:\windows\System32\drivers\cbfs3.sys
2012-10-15 20:07:20 -------- d-----w- C:\Program Files (x86)\iExplorer
2012-10-15 11:27:40 -------- d-----w- C:\Users\Sam\AppData\Local\{524B6627-FA37-45D7-AE5E-C7149BF06279}
2012-10-14 16:20:43 -------- d-----w- C:\Users\Sam\AppData\Local\{4B9485DE-5FD7-471C-BF55-8923EF97D369}
2012-10-13 19:16:36 -------- d-----w- C:\Users\Sam\AppData\Local\{13F7021D-5CA7-4CE9-8052-EBAB98901235}
2012-10-13 07:16:11 -------- d-----w- C:\Users\Sam\AppData\Local\{81A49753-FBDB-48FE-9595-42661885FA6F}
2012-10-12 18:54:40 -------- d-----w- C:\Users\Sam\AppData\Roaming\hellomoto
2012-10-12 14:45:11 -------- d-----w- C:\Users\Sam\AppData\Local\{0198F70B-1A70-4ADF-A15E-02FA5688A5DE}
2012-10-12 02:44:46 -------- d-----w- C:\Users\Sam\AppData\Local\{0DF5C577-04EC-4ABE-8FF8-E57353D0BD22}
2012-10-11 14:26:17 -------- d-----w- C:\Users\Sam\AppData\Local\{8FE6B8D5-AD25-4422-A9FA-206F12AB3A31}
2012-10-11 01:59:05 -------- d-----w- C:\Users\Sam\AppData\Local\{2B2E372A-83D8-433D-8934-1D007F66CC59}
2012-10-10 16:34:54 255552 ----a-w- C:\windows\SysWow64\drivers\mcdbus.sys
2012-10-10 16:34:54 255552 ----a-w- C:\windows\System32\drivers\mcdbus.sys
2012-10-10 16:34:52 -------- d-----w- C:\Program Files (x86)\MagicDisc
2012-10-10 16:07:19 -------- d-----w- C:\Program Files (x86)\Microsoft Download Manager
2012-10-10 13:43:40 -------- d-----w- C:\Users\Sam\AppData\Local\{F4BB2C1D-C029-4A89-BBD8-BD6F9220DBD2}
2012-10-10 01:20:06 -------- d-----w- C:\Users\Sam\AppData\Local\{8EECACC5-4A8C-4009-84D1-B161BB91DC67}
2012-10-09 11:33:31 -------- d-----w- C:\Users\Sam\AppData\Local\{D64D91FC-43CE-4AA3-BB79-301329E07312}
2012-10-08 23:27:14 -------- d-----w- C:\Users\Sam\AppData\Local\{EA45917C-1B12-4514-8F87-11883DC1C351}
2012-10-08 11:26:43 -------- d-----w- C:\Users\Sam\AppData\Local\{FFA05C7E-1B8C-4AB2-A2E8-345C9A14C671}
2012-10-07 02:57:53 -------- d-----w- C:\Users\Sam\AppData\Local\{6E6815FF-9A35-4A1D-8135-ECD0BD672687}
2012-10-06 15:10:32 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-10-06 15:09:44 -------- d-----w- C:\Program Files\iPod
2012-10-06 15:09:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-06 15:09:43 -------- d-----w- C:\Program Files\iTunes
2012-10-06 15:09:43 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-06 11:59:26 -------- d-----w- C:\Users\Sam\AppData\Local\{EB5B89AE-743B-4DB8-9904-7124C4E88366}
2012-10-05 13:42:51 -------- d-----w- C:\Users\Sam\AppData\Local\{CB8D3913-F669-40B7-A4E4-6872CFF1FBB6}
2012-10-05 01:39:13 -------- d-----w- C:\Users\Sam\AppData\Local\{339D90C8-A42F-4136-85D1-A0D688141A46}
2012-10-04 13:38:48 -------- d-----w- C:\Users\Sam\AppData\Local\{0C2CB4AD-942C-4B05-B3E8-39E02F1F5E8B}
2012-10-03 13:57:43 -------- d-----w- C:\Users\Sam\AppData\Local\{60E4E042-955C-49E7-9C43-CF8D6125BDF7}
2012-10-03 03:28:40 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-10-03 01:50:03 -------- d-----w- C:\Users\Sam\AppData\Local\{EC625679-9131-437E-926F-518C75C37F79}
2012-10-02 13:49:37 -------- d-----w- C:\Users\Sam\AppData\Local\{5D317ED5-46AC-40E5-914A-BB1323B96924}
2012-10-02 00:29:54 -------- d-----w- C:\Users\Sam\AppData\Local\{3FEED0E0-F40A-491A-AAB1-9A8B8CA4BFE3}
2012-10-01 12:23:59 -------- d-----w- C:\Users\Sam\AppData\Local\{FB50CF00-D5F6-4EB6-AE66-FB14021C0818}
2012-10-01 00:23:32 -------- d-----w- C:\Users\Sam\AppData\Local\{628B9716-4FF8-4D0E-B608-653AB6678DFA}
2012-09-30 02:20:09 -------- d-----w- C:\Users\Sam\AppData\Local\{298CC346-7C0E-4208-959F-6906917A5536}
2012-09-29 13:55:59 -------- d-----w- C:\Users\Sam\AppData\Local\{B4CF36F1-BAC1-4EE0-8C48-82A69AA6D808}
.
==================== Find3M ====================
.
2012-10-09 11:35:31 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:35:30 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-31 02:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-21 17:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
.
============= FINISH: 22:53:11.63 ===============

Attached Files

  • Attached File  MBR.zip   568bytes   1 downloads


#6 yankmansg


Posted 29 October 2012 - 06:53 AM

Microsoft Security Essentials found a Trojan. Afterwards updates became available and installed properly.

#7 yankmansg


Posted 29 October 2012 - 09:40 AM

This morning I noticed that Microsoft Security Essentials was not on my tray so I opened the program and saw that a number of Trojans had been quarantined already this morning. Here are the names which are listed several times:
Java/CVE-2012
Win32/Sirefef
Win64/Sirefef
JS/Sakr.A
Win32/Weelsof.C
Java/Blacole.GD
Win32/Tobfy

Help!

#8 nasdaq


Posted 29 October 2012 - 09:58 AM

A ZeroAccess infection has been identified.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#9 yankmansg


Posted 29 October 2012 - 10:46 AM

When I try to disable MSE it says Illegal Operation attempted on a registry key that has been marked for deletion.

What should I do?

#10 yankmansg


Posted 29 October 2012 - 10:50 AM

It appears that other executables are giving me the same message such as my Quickbooks program. I can no longer open it even as administrator?

#11 nasdaq


Posted 29 October 2012 - 12:45 PM

Let's check further. Nothing will be deleted.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#12 yankmansg


Posted 29 October 2012 - 02:43 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-10-2012
Ran by SYSTEM at 29-10-2012 15:33:44
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKU\Sam\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-27] (SUPERAntiSpyware.com)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
4 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [1026432 2012-10-12] (IObit)
4 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [39408 2010-09-13] ()
4 Intuit Entitlement Service v5; "C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v5\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe" [20480 2007-06-20] (Intuit, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
4 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [341296 2011-06-21] (Nitro PDF Software)
4 QBPOSDBServiceV7; "C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 7.0\DatabaseServer\QBPOSDBServiceV7.exe" [2613072 2007-09-13] (Intuit Inc.)
3 QuickBooksDB22; C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB22 [679936 2011-11-02] (Intuit, Inc.)
4 RoxMediaDB13; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1099248 2010-07-16] (Sonic Solutions)

==================== Drivers (Whitelisted) =====================

3 cbfs3; C:\Windows\System32\Drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-29 15:33 - 2012-10-29 15:33 - 00000000 ____D C:\FRST
2012-10-29 10:42 - 2012-10-29 10:42 - 00000000 ___SD C:\ComboFix
2012-10-29 10:42 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-29 10:42 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-29 10:42 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-29 10:42 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-29 10:42 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-29 10:42 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-29 10:42 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-29 10:42 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-29 10:41 - 2012-10-29 10:42 - 00000000 ___SD C:\32788R22FWJFW
2012-10-29 10:41 - 2012-10-29 10:41 - 00000000 ____D C:\Qoobox
2012-10-29 10:38 - 2012-10-29 10:41 - 04991170 ____R (Swearware) C:\Users\Sam\Desktop\ComboFix.exe
2012-10-29 08:50 - 2012-10-29 08:50 - 00000000 ____D C:\Program Files (x86)\ESET
2012-10-28 22:30 - 2012-10-28 22:30 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-10-28 22:30 - 2012-10-28 22:30 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-10-28 22:30 - 2012-10-28 22:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-28 22:30 - 2012-10-28 22:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-28 22:30 - 2012-10-28 22:30 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-28 22:30 - 2012-10-28 22:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-28 22:30 - 2012-10-28 22:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-10-28 22:30 - 2012-10-28 22:30 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-10-28 22:30 - 2012-10-28 22:30 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-10-28 22:30 - 2012-10-28 22:30 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-10-28 22:30 - 2012-10-28 22:30 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-10-28 22:28 - 2012-10-28 22:31 - 00003397 ____A C:\Windows\IE9_main.log
2012-10-28 22:24 - 2012-09-14 14:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-28 22:24 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-28 22:24 - 2012-08-31 13:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-28 22:24 - 2012-08-30 13:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-28 22:24 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-28 22:24 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-28 22:24 - 2012-08-22 13:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-10-28 22:24 - 2012-08-22 13:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-10-28 22:24 - 2012-08-22 13:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-10-28 22:24 - 2012-08-22 13:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-10-28 22:24 - 2012-08-20 13:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-28 22:24 - 2012-08-20 13:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-28 22:24 - 2012-08-20 13:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-28 22:24 - 2012-08-20 13:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-28 22:24 - 2012-08-20 13:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-28 22:24 - 2012-08-20 13:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-28 22:24 - 2012-08-20 13:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-28 22:24 - 2012-08-20 13:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-28 22:24 - 2012-08-20 13:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 13:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-28 22:24 - 2012-08-20 12:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-28 22:24 - 2012-08-20 12:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-28 22:24 - 2012-08-20 12:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-28 22:24 - 2012-08-20 12:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 10:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-28 22:24 - 2012-08-20 10:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-28 22:24 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-28 22:24 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-28 22:24 - 2012-08-10 19:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-28 22:24 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-28 22:24 - 2012-08-02 12:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-10-28 22:24 - 2012-08-02 11:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-10-28 22:24 - 2012-07-04 15:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-10-28 22:23 - 2012-08-24 13:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-28 22:23 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-28 22:23 - 2012-08-21 16:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-10-28 22:23 - 2012-06-02 00:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-28 22:23 - 2012-06-02 00:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-28 22:23 - 2012-06-02 00:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-28 22:23 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-28 22:23 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-28 22:23 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-28 21:54 - 2012-10-28 21:54 - 00189859 ____A C:\Users\Sam\Desktop\Attach DDS.txt
2012-10-28 21:53 - 2012-10-28 21:53 - 00189859 ____A C:\Users\Sam\Desktop\attach.txt
2012-10-28 21:53 - 2012-10-28 21:53 - 00023097 ____A C:\Users\Sam\Desktop\dds.txt
2012-10-28 21:51 - 2012-10-28 21:51 - 00687724 ____R (Swearware) C:\Users\Sam\Desktop\dds.com
2012-10-28 21:48 - 2012-10-28 21:48 - 00000568 ____A C:\Users\Sam\Desktop\MBR.zip
2012-10-28 20:33 - 2012-10-28 21:46 - 00004377 ____A C:\Users\Sam\Desktop\aswMBR.txt
2012-10-28 20:33 - 2012-10-28 21:46 - 00000512 ____A C:\Users\Sam\Desktop\MBR.dat
2012-10-28 18:28 - 2012-10-29 10:54 - 00000448 ____A C:\Windows\setupact.log
2012-10-28 18:28 - 2012-10-28 18:28 - 00000000 ____A C:\Windows\setuperr.log
2012-10-27 16:05 - 2008-05-08 00:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-10-27 15:52 - 2004-06-11 18:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-10-27 15:50 - 2012-10-27 15:50 - 00000207 ____A C:\Windows\tweaking.com-regbackup-D4N1OCK52-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2012-10-27 15:49 - 2012-10-27 15:49 - 00000000 ____D C:\RegBackup
2012-10-27 15:24 - 2012-10-27 16:07 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-27 15:23 - 2012-10-27 15:23 - 00002293 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-10-27 15:23 - 2012-10-27 15:23 - 00002293 ____A C:\Users\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-10-27 15:23 - 2012-10-27 15:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2012-10-27 09:32 - 2012-10-27 09:32 - 76362840 ____A (Microsoft Corporation) C:\Users\Sam\Downloads\msert.exe
2012-10-26 16:05 - 2012-10-26 16:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-26 16:05 - 2012-10-26 16:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-10-26 13:49 - 2012-10-27 06:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-10-26 13:49 - 2012-10-26 13:49 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-26 13:49 - 2012-10-26 13:49 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-26 13:49 - 2012-10-26 13:49 - 00000000 ____D C:\Users\Sam\Application Data\SUPERAntiSpyware.com
2012-10-26 13:49 - 2012-10-26 13:49 - 00000000 ____D C:\Users\Sam\AppData\Roaming\SUPERAntiSpyware.com
2012-10-26 13:49 - 2012-10-26 13:49 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-10-26 13:49 - 2012-10-26 13:49 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-10-26 06:26 - 2012-10-26 06:26 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{02C73F55-5A04-434C-A9BF-441172A4900F}
2012-10-26 06:26 - 2012-10-26 06:26 - 00000000 ____D C:\Users\Sam\Local Settings\{02C73F55-5A04-434C-A9BF-441172A4900F}
2012-10-26 06:26 - 2012-10-26 06:26 - 00000000 ____D C:\Users\Sam\AppData\Local\{02C73F55-5A04-434C-A9BF-441172A4900F}
2012-10-25 15:47 - 2012-10-25 15:47 - 00000039 ____A C:\Users\Sam\Downloads\fixlist (1).txt
2012-10-25 15:40 - 2012-10-25 15:40 - 00000039 ____A C:\Users\Sam\Downloads\fixlist.txt
2012-10-25 11:22 - 2012-10-25 11:22 - 19752024 ____A (Microsoft Corporation) C:\Users\Sam\Downloads\mpas-fe.exe
2012-10-25 06:35 - 2012-10-25 06:35 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{64BBB636-3850-4006-8DAB-5D360ACEBB9F}
2012-10-25 06:35 - 2012-10-25 06:35 - 00000000 ____D C:\Users\Sam\Local Settings\{64BBB636-3850-4006-8DAB-5D360ACEBB9F}
2012-10-25 06:35 - 2012-10-25 06:35 - 00000000 ____D C:\Users\Sam\AppData\Local\{64BBB636-3850-4006-8DAB-5D360ACEBB9F}
2012-10-24 09:50 - 2012-10-24 09:50 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{3B89BC27-0E57-4971-94D2-4D19FD1B0BA6}
2012-10-24 09:50 - 2012-10-24 09:50 - 00000000 ____D C:\Users\Sam\Local Settings\{3B89BC27-0E57-4971-94D2-4D19FD1B0BA6}
2012-10-24 09:50 - 2012-10-24 09:50 - 00000000 ____D C:\Users\Sam\AppData\Local\{3B89BC27-0E57-4971-94D2-4D19FD1B0BA6}
2012-10-24 06:55 - 2012-10-24 06:55 - 00001202 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-10-24 06:55 - 2012-10-24 06:55 - 00001202 ____A C:\Users\All Users\Desktop\Uninstaller.lnk
2012-10-24 06:55 - 2012-10-24 06:55 - 00001151 ____A C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2012-10-24 06:55 - 2012-10-24 06:55 - 00001151 ____A C:\Users\All Users\Desktop\Advanced SystemCare 6.lnk
2012-10-23 21:49 - 2012-10-23 21:50 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{2B0E97A0-577A-487B-B9C5-69334AED9373}
2012-10-23 21:49 - 2012-10-23 21:50 - 00000000 ____D C:\Users\Sam\Local Settings\{2B0E97A0-577A-487B-B9C5-69334AED9373}
2012-10-23 21:49 - 2012-10-23 21:50 - 00000000 ____D C:\Users\Sam\AppData\Local\{2B0E97A0-577A-487B-B9C5-69334AED9373}
2012-10-23 09:49 - 2012-10-23 09:49 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{B9FB42A3-40D3-408F-AEC6-BF3AABCB24F5}
2012-10-23 09:49 - 2012-10-23 09:49 - 00000000 ____D C:\Users\Sam\Local Settings\{B9FB42A3-40D3-408F-AEC6-BF3AABCB24F5}
2012-10-23 09:49 - 2012-10-23 09:49 - 00000000 ____D C:\Users\Sam\AppData\Local\{B9FB42A3-40D3-408F-AEC6-BF3AABCB24F5}
2012-10-22 21:49 - 2012-10-22 21:49 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{2DF27812-9797-4752-9BDB-2B0F11EE6643}
2012-10-22 21:49 - 2012-10-22 21:49 - 00000000 ____D C:\Users\Sam\Local Settings\{2DF27812-9797-4752-9BDB-2B0F11EE6643}
2012-10-22 21:49 - 2012-10-22 21:49 - 00000000 ____D C:\Users\Sam\AppData\Local\{2DF27812-9797-4752-9BDB-2B0F11EE6643}
2012-10-22 07:00 - 2012-10-22 07:00 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{D2704D23-6647-4146-9EBB-6C2E5AC86054}
2012-10-22 07:00 - 2012-10-22 07:00 - 00000000 ____D C:\Users\Sam\Local Settings\{D2704D23-6647-4146-9EBB-6C2E5AC86054}
2012-10-22 07:00 - 2012-10-22 07:00 - 00000000 ____D C:\Users\Sam\AppData\Local\{D2704D23-6647-4146-9EBB-6C2E5AC86054}
2012-10-21 11:32 - 2012-10-21 11:32 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{1B03001E-DBE9-44CE-B26A-103ED53B13BC}
2012-10-21 11:32 - 2012-10-21 11:32 - 00000000 ____D C:\Users\Sam\Local Settings\{1B03001E-DBE9-44CE-B26A-103ED53B13BC}
2012-10-21 11:32 - 2012-10-21 11:32 - 00000000 ____D C:\Users\Sam\AppData\Local\{1B03001E-DBE9-44CE-B26A-103ED53B13BC}
2012-10-20 23:31 - 2012-10-20 23:32 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{40F431F6-040A-45C3-9CA8-1FB76B962FAB}
2012-10-20 23:31 - 2012-10-20 23:32 - 00000000 ____D C:\Users\Sam\Local Settings\{40F431F6-040A-45C3-9CA8-1FB76B962FAB}
2012-10-20 23:31 - 2012-10-20 23:32 - 00000000 ____D C:\Users\Sam\AppData\Local\{40F431F6-040A-45C3-9CA8-1FB76B962FAB}
2012-10-20 15:29 - 2012-10-20 15:32 - 83023306 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
2012-10-20 15:29 - 2012-10-20 15:32 - 83023306 ___AT C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad
2012-10-20 09:28 - 2012-10-20 09:28 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{D23CAA9D-5BDE-46FE-8E10-D126F5BC5132}
2012-10-20 09:28 - 2012-10-20 09:28 - 00000000 ____D C:\Users\Sam\Local Settings\{D23CAA9D-5BDE-46FE-8E10-D126F5BC5132}
2012-10-20 09:28 - 2012-10-20 09:28 - 00000000 ____D C:\Users\Sam\AppData\Local\{D23CAA9D-5BDE-46FE-8E10-D126F5BC5132}
2012-10-19 21:23 - 2012-10-19 21:23 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{5FF40DD1-7504-43CD-9621-CC9D0E2BE0C6}
2012-10-19 21:23 - 2012-10-19 21:23 - 00000000 ____D C:\Users\Sam\Local Settings\{5FF40DD1-7504-43CD-9621-CC9D0E2BE0C6}
2012-10-19 21:23 - 2012-10-19 21:23 - 00000000 ____D C:\Users\Sam\AppData\Local\{5FF40DD1-7504-43CD-9621-CC9D0E2BE0C6}
2012-10-19 09:23 - 2012-10-19 09:23 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{D258F293-677D-4FD3-A110-FD7E5EB17EFD}
2012-10-19 09:23 - 2012-10-19 09:23 - 00000000 ____D C:\Users\Sam\Local Settings\{D258F293-677D-4FD3-A110-FD7E5EB17EFD}
2012-10-19 09:23 - 2012-10-19 09:23 - 00000000 ____D C:\Users\Sam\AppData\Local\{D258F293-677D-4FD3-A110-FD7E5EB17EFD}
2012-10-18 21:12 - 2012-10-18 21:12 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{F7391E3B-9A97-4117-A016-946BE26E3355}
2012-10-18 21:12 - 2012-10-18 21:12 - 00000000 ____D C:\Users\Sam\Local Settings\{F7391E3B-9A97-4117-A016-946BE26E3355}
2012-10-18 21:12 - 2012-10-18 21:12 - 00000000 ____D C:\Users\Sam\AppData\Local\{F7391E3B-9A97-4117-A016-946BE26E3355}
2012-10-18 08:49 - 2012-10-18 08:49 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{10F8BA38-CB9C-4761-BDD3-2FBCB5E0387D}
2012-10-18 08:49 - 2012-10-18 08:49 - 00000000 ____D C:\Users\Sam\Local Settings\{10F8BA38-CB9C-4761-BDD3-2FBCB5E0387D}
2012-10-18 08:49 - 2012-10-18 08:49 - 00000000 ____D C:\Users\Sam\AppData\Local\{10F8BA38-CB9C-4761-BDD3-2FBCB5E0387D}
2012-10-17 20:49 - 2012-10-17 20:49 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{3FAF999C-4DBB-42F4-B48A-B4CBB827284B}
2012-10-17 20:49 - 2012-10-17 20:49 - 00000000 ____D C:\Users\Sam\Local Settings\{3FAF999C-4DBB-42F4-B48A-B4CBB827284B}
2012-10-17 20:49 - 2012-10-17 20:49 - 00000000 ____D C:\Users\Sam\AppData\Local\{3FAF999C-4DBB-42F4-B48A-B4CBB827284B}
2012-10-17 08:48 - 2012-10-17 08:48 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{CDECB31A-2436-4EF0-88C0-159C717603CD}
2012-10-17 08:48 - 2012-10-17 08:48 - 00000000 ____D C:\Users\Sam\Local Settings\{CDECB31A-2436-4EF0-88C0-159C717603CD}
2012-10-17 08:48 - 2012-10-17 08:48 - 00000000 ____D C:\Users\Sam\AppData\Local\{CDECB31A-2436-4EF0-88C0-159C717603CD}
2012-10-16 19:40 - 2012-10-16 19:41 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{37626FBF-38E4-4BBA-B651-3762D3A33E87}
2012-10-16 19:40 - 2012-10-16 19:41 - 00000000 ____D C:\Users\Sam\Local Settings\{37626FBF-38E4-4BBA-B651-3762D3A33E87}
2012-10-16 19:40 - 2012-10-16 19:41 - 00000000 ____D C:\Users\Sam\AppData\Local\{37626FBF-38E4-4BBA-B651-3762D3A33E87}
2012-10-16 09:10 - 2012-10-16 09:14 - 00000000 ____D C:\Users\Sam\Desktop\Megs Photos
2012-10-16 06:30 - 2012-10-16 06:30 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{D3D54B35-6460-4C1C-9270-4A78C067FF61}
2012-10-16 06:30 - 2012-10-16 06:30 - 00000000 ____D C:\Users\Sam\Local Settings\{D3D54B35-6460-4C1C-9270-4A78C067FF61}
2012-10-16 06:30 - 2012-10-16 06:30 - 00000000 ____D C:\Users\Sam\AppData\Local\{D3D54B35-6460-4C1C-9270-4A78C067FF61}
2012-10-15 18:28 - 2012-10-15 18:28 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{3A8A57AC-4829-4749-96AB-7A3B76CFDD78}
2012-10-15 18:28 - 2012-10-15 18:28 - 00000000 ____D C:\Users\Sam\Local Settings\{3A8A57AC-4829-4749-96AB-7A3B76CFDD78}
2012-10-15 18:28 - 2012-10-15 18:28 - 00000000 ____D C:\Users\Sam\AppData\Local\{3A8A57AC-4829-4749-96AB-7A3B76CFDD78}
2012-10-15 15:08 - 2012-10-15 15:08 - 00000000 ____D C:\Users\Sam\Local Settings\Macroplant_LLC
2012-10-15 15:08 - 2012-10-15 15:08 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\Macroplant_LLC
2012-10-15 15:08 - 2012-10-15 15:08 - 00000000 ____D C:\Users\Sam\AppData\Local\Macroplant_LLC
2012-10-15 15:08 - 2012-04-09 15:27 - 00223760 ____A (EldoS Corporation) C:\Windows\SysWOW64\CbFsNetRdr3.dll
2012-10-15 15:08 - 2012-04-09 15:27 - 00190480 ____A (EldoS Corporation) C:\Windows\System32\CbFsMntNtf3.dll
2012-10-15 15:08 - 2012-04-09 15:27 - 00158224 ____A (EldoS Corporation) C:\Windows\SysWOW64\CbFsMntNtf3.dll
2012-10-15 15:08 - 2012-04-09 15:27 - 00141328 ____A (EldoS Corporation) C:\Windows\System32\CbFsNetRdr3.dll
2012-10-15 15:07 - 2012-10-15 15:07 - 00001025 ____A C:\Users\Public\Desktop\iExplorer.lnk
2012-10-15 15:07 - 2012-10-15 15:07 - 00001025 ____A C:\Users\All Users\Desktop\iExplorer.lnk
2012-10-15 15:07 - 2012-10-15 15:07 - 00000000 ____D C:\Program Files (x86)\iExplorer
2012-10-15 15:07 - 2012-04-09 15:27 - 00352144 ____A (EldoS Corporation) C:\Windows\System32\Drivers\cbfs3.sys
2012-10-15 15:06 - 2012-10-15 15:07 - 08615280 ____A (Macroplant LLC ) C:\Users\Sam\Downloads\iExplorer_3_Setup.exe
2012-10-15 06:27 - 2012-10-15 06:27 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{524B6627-FA37-45D7-AE5E-C7149BF06279}
2012-10-15 06:27 - 2012-10-15 06:27 - 00000000 ____D C:\Users\Sam\Local Settings\{524B6627-FA37-45D7-AE5E-C7149BF06279}
2012-10-15 06:27 - 2012-10-15 06:27 - 00000000 ____D C:\Users\Sam\AppData\Local\{524B6627-FA37-45D7-AE5E-C7149BF06279}
2012-10-14 11:20 - 2012-10-14 11:20 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{4B9485DE-5FD7-471C-BF55-8923EF97D369}
2012-10-14 11:20 - 2012-10-14 11:20 - 00000000 ____D C:\Users\Sam\Local Settings\{4B9485DE-5FD7-471C-BF55-8923EF97D369}
2012-10-14 11:20 - 2012-10-14 11:20 - 00000000 ____D C:\Users\Sam\AppData\Local\{4B9485DE-5FD7-471C-BF55-8923EF97D369}
2012-10-13 14:16 - 2012-10-13 14:16 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{13F7021D-5CA7-4CE9-8052-EBAB98901235}
2012-10-13 14:16 - 2012-10-13 14:16 - 00000000 ____D C:\Users\Sam\Local Settings\{13F7021D-5CA7-4CE9-8052-EBAB98901235}
2012-10-13 14:16 - 2012-10-13 14:16 - 00000000 ____D C:\Users\Sam\AppData\Local\{13F7021D-5CA7-4CE9-8052-EBAB98901235}
2012-10-13 02:16 - 2012-10-13 02:16 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{81A49753-FBDB-48FE-9595-42661885FA6F}
2012-10-13 02:16 - 2012-10-13 02:16 - 00000000 ____D C:\Users\Sam\Local Settings\{81A49753-FBDB-48FE-9595-42661885FA6F}
2012-10-13 02:16 - 2012-10-13 02:16 - 00000000 ____D C:\Users\Sam\AppData\Local\{81A49753-FBDB-48FE-9595-42661885FA6F}
2012-10-12 13:54 - 2012-10-12 13:54 - 00000000 ____D C:\Users\Sam\Application Data\hellomoto
2012-10-12 13:54 - 2012-10-12 13:54 - 00000000 ____D C:\Users\Sam\AppData\Roaming\hellomoto
2012-10-12 09:45 - 2012-10-12 09:45 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{0198F70B-1A70-4ADF-A15E-02FA5688A5DE}
2012-10-12 09:45 - 2012-10-12 09:45 - 00000000 ____D C:\Users\Sam\Local Settings\{0198F70B-1A70-4ADF-A15E-02FA5688A5DE}
2012-10-12 09:45 - 2012-10-12 09:45 - 00000000 ____D C:\Users\Sam\AppData\Local\{0198F70B-1A70-4ADF-A15E-02FA5688A5DE}
2012-10-11 21:44 - 2012-10-11 21:44 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{0DF5C577-04EC-4ABE-8FF8-E57353D0BD22}
2012-10-11 21:44 - 2012-10-11 21:44 - 00000000 ____D C:\Users\Sam\Local Settings\{0DF5C577-04EC-4ABE-8FF8-E57353D0BD22}
2012-10-11 21:44 - 2012-10-11 21:44 - 00000000 ____D C:\Users\Sam\AppData\Local\{0DF5C577-04EC-4ABE-8FF8-E57353D0BD22}
2012-10-11 16:41 - 2012-10-11 16:41 - 00000000 ____D C:\Users\Sam\Downloads\Odin3 v1.7
2012-10-11 16:40 - 2012-10-11 16:40 - 00197169 ____A C:\Users\Sam\Downloads\Odin3 v1.7.zip
2012-10-11 16:38 - 2012-10-11 16:38 - 00000000 ____D C:\Users\Sam\Downloads\I9000XXJVS
2012-10-11 16:22 - 2012-10-11 16:35 - 258865026 ____A C:\Users\Sam\Downloads\I9000XXJVS.zip
2012-10-11 09:26 - 2012-10-11 09:26 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{8FE6B8D5-AD25-4422-A9FA-206F12AB3A31}
2012-10-11 09:26 - 2012-10-11 09:26 - 00000000 ____D C:\Users\Sam\Local Settings\{8FE6B8D5-AD25-4422-A9FA-206F12AB3A31}
2012-10-11 09:26 - 2012-10-11 09:26 - 00000000 ____D C:\Users\Sam\AppData\Local\{8FE6B8D5-AD25-4422-A9FA-206F12AB3A31}
2012-10-10 20:59 - 2012-10-10 20:59 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{2B2E372A-83D8-433D-8934-1D007F66CC59}
2012-10-10 20:59 - 2012-10-10 20:59 - 00000000 ____D C:\Users\Sam\Local Settings\{2B2E372A-83D8-433D-8934-1D007F66CC59}
2012-10-10 20:59 - 2012-10-10 20:59 - 00000000 ____D C:\Users\Sam\AppData\Local\{2B2E372A-83D8-433D-8934-1D007F66CC59}
2012-10-10 11:35 - 2012-10-10 11:35 - 00000959 ____A C:\Users\Sam\Desktop\MagicDisc.lnk
2012-10-10 11:35 - 2012-10-10 11:35 - 00000959 ____A C:\Users\QBPOSDBSrvUser\Desktop\MagicDisc.lnk
2012-10-10 11:35 - 2012-10-10 11:35 - 00000959 ____A C:\Users\QBDataServiceUser22\Desktop\MagicDisc.lnk
2012-10-10 11:34 - 2012-10-10 11:35 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2012-10-10 11:34 - 2009-02-24 17:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2012-10-10 11:34 - 2009-02-24 17:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\System32\Drivers\mcdbus.sys
2012-10-10 11:07 - 2012-10-10 11:21 - 1789542400 ____A C:\Users\Sam\Downloads\Windows® AIK for Windows® 7
2012-10-10 11:07 - 2012-10-10 11:07 - 00002525 ____A C:\Users\Public\Desktop\Microsoft Download Manager.lnk
2012-10-10 11:07 - 2012-10-10 11:07 - 00002525 ____A C:\Users\All Users\Desktop\Microsoft Download Manager.lnk
2012-10-10 11:07 - 2012-10-10 11:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Download Manager
2012-10-10 08:43 - 2012-10-10 08:43 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{F4BB2C1D-C029-4A89-BBD8-BD6F9220DBD2}
2012-10-10 08:43 - 2012-10-10 08:43 - 00000000 ____D C:\Users\Sam\Local Settings\{F4BB2C1D-C029-4A89-BBD8-BD6F9220DBD2}
2012-10-10 08:43 - 2012-10-10 08:43 - 00000000 ____D C:\Users\Sam\AppData\Local\{F4BB2C1D-C029-4A89-BBD8-BD6F9220DBD2}
2012-10-09 20:20 - 2012-10-09 20:20 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{8EECACC5-4A8C-4009-84D1-B161BB91DC67}
2012-10-09 20:20 - 2012-10-09 20:20 - 00000000 ____D C:\Users\Sam\Local Settings\{8EECACC5-4A8C-4009-84D1-B161BB91DC67}
2012-10-09 20:20 - 2012-10-09 20:20 - 00000000 ____D C:\Users\Sam\AppData\Local\{8EECACC5-4A8C-4009-84D1-B161BB91DC67}
2012-10-09 06:33 - 2012-10-09 06:33 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{D64D91FC-43CE-4AA3-BB79-301329E07312}
2012-10-09 06:33 - 2012-10-09 06:33 - 00000000 ____D C:\Users\Sam\Local Settings\{D64D91FC-43CE-4AA3-BB79-301329E07312}
2012-10-09 06:33 - 2012-10-09 06:33 - 00000000 ____D C:\Users\Sam\AppData\Local\{D64D91FC-43CE-4AA3-BB79-301329E07312}
2012-10-08 18:27 - 2012-10-08 18:27 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{EA45917C-1B12-4514-8F87-11883DC1C351}
2012-10-08 18:27 - 2012-10-08 18:27 - 00000000 ____D C:\Users\Sam\Local Settings\{EA45917C-1B12-4514-8F87-11883DC1C351}
2012-10-08 18:27 - 2012-10-08 18:27 - 00000000 ____D C:\Users\Sam\AppData\Local\{EA45917C-1B12-4514-8F87-11883DC1C351}
2012-10-08 06:26 - 2012-10-08 06:27 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{FFA05C7E-1B8C-4AB2-A2E8-345C9A14C671}
2012-10-08 06:26 - 2012-10-08 06:27 - 00000000 ____D C:\Users\Sam\Local Settings\{FFA05C7E-1B8C-4AB2-A2E8-345C9A14C671}
2012-10-08 06:26 - 2012-10-08 06:27 - 00000000 ____D C:\Users\Sam\AppData\Local\{FFA05C7E-1B8C-4AB2-A2E8-345C9A14C671}
2012-10-06 21:57 - 2012-10-06 21:58 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{6E6815FF-9A35-4A1D-8135-ECD0BD672687}
2012-10-06 21:57 - 2012-10-06 21:58 - 00000000 ____D C:\Users\Sam\Local Settings\{6E6815FF-9A35-4A1D-8135-ECD0BD672687}
2012-10-06 21:57 - 2012-10-06 21:58 - 00000000 ____D C:\Users\Sam\AppData\Local\{6E6815FF-9A35-4A1D-8135-ECD0BD672687}
2012-10-06 13:56 - 2012-10-06 13:56 - 00398715 ____A C:\Users\Sam\Downloads\iREB-r5.zip
2012-10-06 10:10 - 2012-10-06 10:10 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-06 10:10 - 2012-10-06 10:10 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-10-06 10:10 - 2012-08-21 12:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-06 10:09 - 2012-10-06 10:10 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-06 10:09 - 2012-10-06 10:10 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-06 10:09 - 2012-10-06 10:10 - 00000000 ____D C:\Program Files\iTunes
2012-10-06 10:09 - 2012-10-06 10:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-06 10:09 - 2012-10-06 10:09 - 00000000 ____D C:\Program Files\iPod
2012-10-06 06:59 - 2012-10-06 06:59 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{EB5B89AE-743B-4DB8-9904-7124C4E88366}
2012-10-06 06:59 - 2012-10-06 06:59 - 00000000 ____D C:\Users\Sam\Local Settings\{EB5B89AE-743B-4DB8-9904-7124C4E88366}
2012-10-06 06:59 - 2012-10-06 06:59 - 00000000 ____D C:\Users\Sam\AppData\Local\{EB5B89AE-743B-4DB8-9904-7124C4E88366}
2012-10-05 08:42 - 2012-10-05 08:43 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{CB8D3913-F669-40B7-A4E4-6872CFF1FBB6}
2012-10-05 08:42 - 2012-10-05 08:43 - 00000000 ____D C:\Users\Sam\Local Settings\{CB8D3913-F669-40B7-A4E4-6872CFF1FBB6}
2012-10-05 08:42 - 2012-10-05 08:43 - 00000000 ____D C:\Users\Sam\AppData\Local\{CB8D3913-F669-40B7-A4E4-6872CFF1FBB6}
2012-10-04 20:39 - 2012-10-04 20:39 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{339D90C8-A42F-4136-85D1-A0D688141A46}
2012-10-04 20:39 - 2012-10-04 20:39 - 00000000 ____D C:\Users\Sam\Local Settings\{339D90C8-A42F-4136-85D1-A0D688141A46}
2012-10-04 20:39 - 2012-10-04 20:39 - 00000000 ____D C:\Users\Sam\AppData\Local\{339D90C8-A42F-4136-85D1-A0D688141A46}
2012-10-04 08:38 - 2012-10-04 08:38 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{0C2CB4AD-942C-4B05-B3E8-39E02F1F5E8B}
2012-10-04 08:38 - 2012-10-04 08:38 - 00000000 ____D C:\Users\Sam\Local Settings\{0C2CB4AD-942C-4B05-B3E8-39E02F1F5E8B}
2012-10-04 08:38 - 2012-10-04 08:38 - 00000000 ____D C:\Users\Sam\AppData\Local\{0C2CB4AD-942C-4B05-B3E8-39E02F1F5E8B}
2012-10-03 08:57 - 2012-10-03 08:57 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{60E4E042-955C-49E7-9C43-CF8D6125BDF7}
2012-10-03 08:57 - 2012-10-03 08:57 - 00000000 ____D C:\Users\Sam\Local Settings\{60E4E042-955C-49E7-9C43-CF8D6125BDF7}
2012-10-03 08:57 - 2012-10-03 08:57 - 00000000 ____D C:\Users\Sam\AppData\Local\{60E4E042-955C-49E7-9C43-CF8D6125BDF7}
2012-10-02 22:28 - 2012-10-02 22:28 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-10-02 20:50 - 2012-10-02 20:50 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{EC625679-9131-437E-926F-518C75C37F79}
2012-10-02 20:50 - 2012-10-02 20:50 - 00000000 ____D C:\Users\Sam\Local Settings\{EC625679-9131-437E-926F-518C75C37F79}
2012-10-02 20:50 - 2012-10-02 20:50 - 00000000 ____D C:\Users\Sam\AppData\Local\{EC625679-9131-437E-926F-518C75C37F79}
2012-10-02 08:49 - 2012-10-02 08:49 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{5D317ED5-46AC-40E5-914A-BB1323B96924}
2012-10-02 08:49 - 2012-10-02 08:49 - 00000000 ____D C:\Users\Sam\Local Settings\{5D317ED5-46AC-40E5-914A-BB1323B96924}
2012-10-02 08:49 - 2012-10-02 08:49 - 00000000 ____D C:\Users\Sam\AppData\Local\{5D317ED5-46AC-40E5-914A-BB1323B96924}
2012-10-01 19:29 - 2012-10-01 19:30 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{3FEED0E0-F40A-491A-AAB1-9A8B8CA4BFE3}
2012-10-01 19:29 - 2012-10-01 19:30 - 00000000 ____D C:\Users\Sam\Local Settings\{3FEED0E0-F40A-491A-AAB1-9A8B8CA4BFE3}
2012-10-01 19:29 - 2012-10-01 19:30 - 00000000 ____D C:\Users\Sam\AppData\Local\{3FEED0E0-F40A-491A-AAB1-9A8B8CA4BFE3}
2012-10-01 07:23 - 2012-10-01 07:24 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{FB50CF00-D5F6-4EB6-AE66-FB14021C0818}
2012-10-01 07:23 - 2012-10-01 07:24 - 00000000 ____D C:\Users\Sam\Local Settings\{FB50CF00-D5F6-4EB6-AE66-FB14021C0818}
2012-10-01 07:23 - 2012-10-01 07:24 - 00000000 ____D C:\Users\Sam\AppData\Local\{FB50CF00-D5F6-4EB6-AE66-FB14021C0818}
2012-09-30 19:23 - 2012-09-30 19:23 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{628B9716-4FF8-4D0E-B608-653AB6678DFA}
2012-09-30 19:23 - 2012-09-30 19:23 - 00000000 ____D C:\Users\Sam\Local Settings\{628B9716-4FF8-4D0E-B608-653AB6678DFA}
2012-09-30 19:23 - 2012-09-30 19:23 - 00000000 ____D C:\Users\Sam\AppData\Local\{628B9716-4FF8-4D0E-B608-653AB6678DFA}
2012-09-29 21:20 - 2012-09-29 21:20 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{298CC346-7C0E-4208-959F-6906917A5536}
2012-09-29 21:20 - 2012-09-29 21:20 - 00000000 ____D C:\Users\Sam\Local Settings\{298CC346-7C0E-4208-959F-6906917A5536}
2012-09-29 21:20 - 2012-09-29 21:20 - 00000000 ____D C:\Users\Sam\AppData\Local\{298CC346-7C0E-4208-959F-6906917A5536}
2012-09-29 08:55 - 2012-09-29 08:56 - 00000000 ____D C:\Users\Sam\Local Settings\Application Data\{B4CF36F1-BAC1-4EE0-8C48-82A69AA6D808}
2012-09-29 08:55 - 2012-09-29 08:56 - 00000000 ____D C:\Users\Sam\Local Settings\{B4CF36F1-BAC1-4EE0-8C48-82A69AA6D808}
2012-09-29 08:55 - 2012-09-29 08:56 - 00000000 ____D C:\Users\Sam\AppData\Local\{B4CF36F1-BAC1-4EE0-8C48-82A69AA6D808}

==================== 3 Months Modified Files ==================

2012-10-29 14:18 - 2011-09-27 23:00 - 01915220 ____A C:\Windows\WindowsUpdate.log
2012-10-29 13:58 - 2012-01-20 13:27 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959704521-1845163907-2626882050-1001UA.job
2012-10-29 13:58 - 2012-01-20 13:25 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-29 13:27 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-29 13:27 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-29 11:58 - 2012-01-20 13:27 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959704521-1845163907-2626882050-1001Core.job
2012-10-29 10:59 - 2009-07-14 00:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-29 10:56 - 2012-08-14 14:07 - 00000395 ____A C:\rkill.log
2012-10-29 10:54 - 2012-10-28 18:28 - 00000448 ____A C:\Windows\setupact.log
2012-10-29 10:54 - 2012-01-20 13:25 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-29 10:54 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-29 10:41 - 2012-10-29 10:38 - 04991170 ____R (Swearware) C:\Users\Sam\Desktop\ComboFix.exe
2012-10-29 10:41 - 2009-07-14 00:08 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-28 22:31 - 2012-10-28 22:28 - 00003397 ____A C:\Windows\IE9_main.log
2012-10-28 22:30 - 2012-10-28 22:30 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-10-28 22:30 - 2012-10-28 22:30 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-10-28 22:30 - 2012-10-28 22:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-28 22:30 - 2012-10-28 22:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-28 22:30 - 2012-10-28 22:30 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-28 22:30 - 2012-10-28 22:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-28 22:30 - 2012-10-28 22:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-10-28 22:30 - 2012-10-28 22:30 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-10-28 22:30 - 2012-10-28 22:30 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-10-28 22:30 - 2012-10-28 22:30 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-10-28 22:30 - 2012-10-28 22:30 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-10-28 22:30 - 2012-10-28 22:30 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-10-28 22:30 - 2012-10-28 22:30 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-10-28 21:54 - 2012-10-28 21:54 - 00189859 ____A C:\Users\Sam\Desktop\Attach DDS.txt
2012-10-28 21:53 - 2012-10-28 21:53 - 00189859 ____A C:\Users\Sam\Desktop\attach.txt
2012-10-28 21:53 - 2012-10-28 21:53 - 00023097 ____A C:\Users\Sam\Desktop\dds.txt
2012-10-28 21:51 - 2012-10-28 21:51 - 00687724 ____R (Swearware) C:\Users\Sam\Desktop\dds.com
2012-10-28 21:48 - 2012-10-28 21:48 - 00000568 ____A C:\Users\Sam\Desktop\MBR.zip
2012-10-28 21:46 - 2012-10-28 20:33 - 00004377 ____A C:\Users\Sam\Desktop\aswMBR.txt
2012-10-28 21:46 - 2012-10-28 20:33 - 00000512 ____A C:\Users\Sam\Desktop\MBR.dat
2012-10-28 20:04 - 2012-05-15 09:54 - 04731392 ____A (AVAST Software) C:\Users\Sam\Desktop\aswMBR.exe
2012-10-28 18:28 - 2012-10-28 18:28 - 00000000 ____A C:\Windows\setuperr.log
2012-10-27 16:09 - 2011-11-03 22:31 - 00083904 ____A C:\Users\Sam\Local Settings\GDIPFONTCACHEV1.DAT
2012-10-27 16:09 - 2011-11-03 22:31 - 00083904 ____A C:\Users\Sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-27 16:09 - 2011-11-03 22:31 - 00083904 ____A C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-27 16:09 - 2009-07-13 23:45 - 00355576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-27 16:07 - 2012-10-27 15:24 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-27 16:07 - 2011-09-27 23:11 - 00779614 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-10-27 15:50 - 2012-10-27 15:50 - 00000207 ____A C:\Windows\tweaking.com-regbackup-D4N1OCK52-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2012-10-27 15:23 - 2012-10-27 15:23 - 00002293 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-10-27 15:23 - 2012-10-27 15:23 - 00002293 ____A C:\Users\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2012-10-27 09:32 - 2012-10-27 09:32 - 76362840 ____A (Microsoft Corporation) C:\Users\Sam\Downloads\msert.exe
2012-10-26 16:06 - 2012-05-22 07:12 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-26 13:49 - 2012-10-26 13:49 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-26 13:49 - 2012-10-26 13:49 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-10-26 13:16 - 2012-03-15 09:42 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-26 13:16 - 2012-03-15 09:42 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-25 15:47 - 2012-10-25 15:47 - 00000039 ____A C:\Users\Sam\Downloads\fixlist (1).txt
2012-10-25 15:40 - 2012-10-25 15:40 - 00000039 ____A C:\Users\Sam\Downloads\fixlist.txt
2012-10-25 11:22 - 2012-10-25 11:22 - 19752024 ____A (Microsoft Corporation) C:\Users\Sam\Downloads\mpas-fe.exe
2012-10-24 10:12 - 2012-06-09 09:22 - 00002413 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-10-24 06:55 - 2012-10-24 06:55 - 00001202 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-10-24 06:55 - 2012-10-24 06:55 - 00001202 ____A C:\Users\All Users\Desktop\Uninstaller.lnk
2012-10-24 06:55 - 2012-10-24 06:55 - 00001151 ____A C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2012-10-24 06:55 - 2012-10-24 06:55 - 00001151 ____A C:\Users\All Users\Desktop\Advanced SystemCare 6.lnk
2012-10-20 15:32 - 2012-10-20 15:29 - 83023306 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
2012-10-20 15:32 - 2012-10-20 15:29 - 83023306 ___AT C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad
2012-10-15 15:07 - 2012-10-15 15:07 - 00001025 ____A C:\Users\Public\Desktop\iExplorer.lnk
2012-10-15 15:07 - 2012-10-15 15:07 - 00001025 ____A C:\Users\All Users\Desktop\iExplorer.lnk
2012-10-15 15:07 - 2012-10-15 15:06 - 08615280 ____A (Macroplant LLC ) C:\Users\Sam\Downloads\iExplorer_3_Setup.exe
2012-10-11 16:40 - 2012-10-11 16:40 - 00197169 ____A C:\Users\Sam\Downloads\Odin3 v1.7.zip
2012-10-11 16:35 - 2012-10-11 16:22 - 258865026 ____A C:\Users\Sam\Downloads\I9000XXJVS.zip
2012-10-10 16:59 - 2012-01-20 13:33 - 00002482 ____A C:\Users\Sam\Desktop\Google Chrome.lnk
2012-10-10 11:35 - 2012-10-10 11:35 - 00000959 ____A C:\Users\Sam\Desktop\MagicDisc.lnk
2012-10-10 11:35 - 2012-10-10 11:35 - 00000959 ____A C:\Users\QBPOSDBSrvUser\Desktop\MagicDisc.lnk
2012-10-10 11:35 - 2012-10-10 11:35 - 00000959 ____A C:\Users\QBDataServiceUser22\Desktop\MagicDisc.lnk
2012-10-10 11:21 - 2012-10-10 11:07 - 1789542400 ____A C:\Users\Sam\Downloads\Windows® AIK for Windows® 7
2012-10-10 11:07 - 2012-10-10 11:07 - 00002525 ____A C:\Users\Public\Desktop\Microsoft Download Manager.lnk
2012-10-10 11:07 - 2012-10-10 11:07 - 00002525 ____A C:\Users\All Users\Desktop\Microsoft Download Manager.lnk
2012-10-09 06:35 - 2012-03-30 06:08 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-09 06:35 - 2011-11-18 23:57 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-06 13:56 - 2012-10-06 13:56 - 00398715 ____A C:\Users\Sam\Downloads\iREB-r5.zip
2012-10-06 10:10 - 2012-10-06 10:10 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-06 10:10 - 2012-10-06 10:10 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-29 18:54 - 2012-03-15 09:42 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-27 23:18 - 2011-11-04 08:16 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-20 09:54 - 2012-09-20 09:54 - 01673061 ____A C:\Users\Sam\Downloads\Windows_Loader_v2.1.7.zip
2012-09-15 13:53 - 2012-09-15 13:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-09-15 13:53 - 2012-09-15 13:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-09-15 12:40 - 2012-09-15 12:36 - 330365440 ____A (Lenovo Group Limited ) C:\Users\Sam\Downloads\g1w213ww.exe
2012-09-14 14:19 - 2012-10-28 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 13:28 - 2012-10-28 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 12:24 - 2012-09-14 12:24 - 01002912 ____A (Hewlett Packard ) C:\Users\Sam\Downloads\sp24007 (1).exe
2012-09-14 12:23 - 2012-09-14 12:23 - 01002912 ____A (Hewlett Packard ) C:\Users\Sam\Downloads\sp24007.exe
2012-08-31 13:19 - 2012-10-28 22:24 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 21:03 - 2012-08-30 21:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 21:03 - 2012-08-30 21:03 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 13:03 - 2012-10-28 22:24 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 12:12 - 2012-10-28 22:24 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 12:12 - 2012-10-28 22:24 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 13:05 - 2012-10-28 22:23 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 11:57 - 2012-10-28 22:23 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-23 12:12 - 2012-08-23 12:10 - 05680343 ____A C:\Users\Sam\Downloads\Install_Vista_6239_06212010.zip
2012-08-22 13:12 - 2012-10-28 22:24 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 13:12 - 2012-10-28 22:24 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 13:12 - 2012-10-28 22:24 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 13:12 - 2012-10-28 22:24 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 16:01 - 2012-10-28 22:23 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 13:44 - 2012-08-21 13:44 - 00041984 ____A C:\Users\Sam\Downloads\334 (1).xls
2012-08-21 13:43 - 2012-08-21 13:43 - 00041984 ____A C:\Users\Sam\Downloads\334.xls
2012-08-21 12:01 - 2012-10-06 10:10 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 12:01 - 2012-03-23 09:57 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01 - 2012-03-23 09:57 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-20 13:48 - 2012-10-28 22:24 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 13:48 - 2012-10-28 22:24 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 13:48 - 2012-10-28 22:24 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 13:48 - 2012-10-28 22:24 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 13:48 - 2012-10-28 22:24 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 13:48 - 2012-10-28 22:24 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 13:48 - 2012-10-28 22:24 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 13:46 - 2012-10-28 22:24 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 13:38 - 2012-10-28 22:24 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 13:38 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 12:40 - 2012-10-28 22:24 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 12:38 - 2012-10-28 22:24 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 12:37 - 2012-10-28 22:24 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 12:37 - 2012-10-28 22:24 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 12:37 - 2012-10-28 22:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 12:32 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 10:38 - 2012-10-28 22:24 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 10:38 - 2012-10-28 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 10:33 - 2012-10-28 22:24 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:33 - 2012-10-28 22:24 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:33 - 2012-10-28 22:24 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:33 - 2012-10-28 22:24 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 20:00 - 2012-08-15 20:00 - 00001097 ____A C:\Users\Sam\Desktop\HDD Regenerator - Shortcut.lnk
2012-08-15 19:27 - 2012-08-15 19:27 - 00803584 ____A (Microsoft Corporation) C:\Users\Sam\Desktop\mssstool32.exe
2012-08-15 09:45 - 2012-08-15 09:45 - 542680775 ____A C:\Users\Sam\My Documents\Windows XP Home Edition + SP3 - Clean Untouched - www.GuruFuel.com.rar
2012-08-15 09:45 - 2012-08-15 09:45 - 542680775 ____A C:\Users\Sam\Documents\Windows XP Home Edition + SP3 - Clean Untouched - www.GuruFuel.com.rar
2012-08-14 09:57 - 2012-08-14 09:57 - 15212951 ____A C:\Users\Sam\Downloads\xp&vista&seven loader by technohackzs.rar
2012-08-10 19:56 - 2012-10-28 22:24 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 18:56 - 2012-10-28 22:24 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-09 09:29 - 2012-08-09 09:29 - 01009803 ____A C:\Users\Sam\Downloads\1520_A09.EXE
2012-08-07 15:43 - 2012-08-07 11:45 - 00010235 ____A C:\Users\Sam\My Documents\Cranknut Screen Repairs.xlsx
2012-08-07 15:43 - 2012-08-07 11:45 - 00010235 ____A C:\Users\Sam\Documents\Cranknut Screen Repairs.xlsx
2012-08-02 12:58 - 2012-10-28 22:24 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 11:57 - 2012-10-28 22:24 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

ZeroAccess:
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L

ZeroAccess:
C:\Users\Sam\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\Sam\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Users\Sam\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-23 07:54:30
Restore point made on: 2012-10-26 13:11:10
Restore point made on: 2012-10-27 15:49:17
Restore point made on: 2012-10-27 15:49:47
Restore point made on: 2012-10-28 22:24:57
Restore point made on: 2012-10-28 22:26:31

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 4003.17 MB
Available physical RAM: 3098.86 MB
Total Pagefile: 4001.37 MB
Available Pagefile: 3101.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:314.5 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:13.66 GB) (Free:3.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (DELLUTILITY) (Fixed) (Total:0.1 GB) (Free:0.1 GB) FAT
6 Drive j: () (Removable) (Total:3.8 GB) (Free:3.63 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1016 MB
Disk 1 Online 3894 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 13 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F DELLUTILITY FAT Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Recovery NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3894 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 J FAT32 Removable 3894 MB Healthy

=========================================================

Last Boot: 2012-10-26 12:55

==================== End Of Log =============================

#13 nasdaq


Posted 30 October 2012 - 08:55 AM

Zero Access infection found. We will use this tool to remove it.


Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

#14 yankmansg

Posted 30 October 2012 - 09:06 AM

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sam [Admin rights]
Mode : Scan -- Date : 10/30/2012 10:00:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {2C4DA4AF-41AB-4BC7-B454-55D2DE17DEBA} : C:\windows\system32\pcalua.exe -a C:\Users\Sam\Desktop\HDDREG\setup.exe -d C:\Users\Sam\Desktop\HDDREG -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] L : C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Sam\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Sam\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-75HXZT3 +++++
--- User ---
[MBR] e6466cd71c36b38ff4597a226dc32ca1
[BSP] e6901791ae57aa8c18721a361b31ee36 : Xpaj MBR Code!
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 13983 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer Edge USB Device +++++
--- User ---
[MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#15 nasdaq

Posted 30 October 2012 - 10:01 AM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


Now click Delete on the right hand column under Options
===

Next click on the Files tab and put a check next to these and uncheck the rest. (if found)

[ZeroAccess][FOLDER] L : C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Sam\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Sam\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> FOUND


Now click Delete on the right hand column under Options

Post back the report which should be located on your desktop.
===

Try now to execute the instructions in post No. 8 and post the logs for my review.

Let me know what problem persists.



