Infected with TDSS or MBR Rootkit


  • This topic is locked
9 replies to this topic

#1 desertized

desertized

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:45 AM

Posted 30 March 2013 - 02:15 PM

I am certain my laptop has been infected with a rootkit or malware. It's possible it's a hard drive failure but I don't believe that is the case.

I have used several types of cleaner programs and all have failed. I have tried clean installs of the OS, I have wiped the drive securely using Darik's Boot and Nuke, I have used Hiren's Boot CD and tried everything I could get to work - all to no avail. I have yet to get the Seagate hard drive to even be recognized using Seagate hard disk tools. On this last install of the OS I used Rogue Killer and it again flagged the same found registry keys. I have run DDS and while I am not an expert it looks F'd up to me. I have updated Windows after this last install this morning and I'm ready to get after this problem.

Help! I will be donating to whoever helps me with this problem. I am eager to donate. I need this laptop to work. I can't take on this problem myself after having tried. TDSS Killer comes up with nothing. From reading about some of the stuff that has been flagged I get the impression this is an MBR rootkit? Using one program in Hiren's Boot CD I was told I have a virus in memory. Whatever it is, it won't go away.

Thanks.

My DDS log follows. Attached is my other DDS log and my Rogue Killer report.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by LMG at 11:46:30 on 2013-03-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.4435 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\LMG\Desktop\RogueKiller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\ipsbho.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{18710E79-107B-4DB6-891C-33661F6513F0} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1403000.024\SymDS64.sys [2013-3-30 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1403000.024\SymEFA64.sys [2013-3-30 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1403000.024\ccSetx64.sys [2013-3-30 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSviA64.sys [2013-3-29 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1403000.024\Ironx64.sys [2013-3-30 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1403000.024\symnets.sys [2013-3-30 432800]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-6-18 89600]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-18 13336]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [2013-3-30 144520]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-18 1695040]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-18 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-5-20 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-5-20 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-5-20 282272]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-18 317440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-18 250984]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-30 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-3-30 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-3-30 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-3-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-30 18:33:49 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-03-30 18:17:06 -------- d-----w- C:\ProgramData\Norton
2013-03-30 18:02:37 -------- d-----w- C:\windows\SysWow64\Wat
2013-03-30 18:02:36 -------- d-----w- C:\windows\System32\Wat
2013-03-30 17:53:09 3072 ----a-w- C:\windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-03-30 17:50:59 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2013-03-30 17:25:58 9728 ----a-w- C:\windows\System32\Wdfres.dll
2013-03-30 17:25:58 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2013-03-30 17:25:58 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2013-03-30 17:25:58 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2013-03-30 17:11:31 46080 ----a-w- C:\windows\System32\atmlib.dll
2013-03-30 17:11:31 367616 ----a-w- C:\windows\System32\atmfd.dll
2013-03-30 17:11:31 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2013-03-30 17:11:31 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2013-03-30 17:10:55 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2013-03-30 17:10:55 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2013-03-30 17:10:55 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2013-03-30 17:10:55 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2013-03-30 17:10:54 744448 ----a-w- C:\windows\System32\WUDFx.dll
2013-03-30 17:10:54 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2013-03-30 17:10:54 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2013-03-30 17:03:33 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-03-30 17:01:49 45568 ----a-w- C:\windows\SysWow64\oflc-nz.rs
2013-03-30 17:00:04 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-03-30 17:00:04 2048 ----a-w- C:\windows\System32\tzres.dll
2013-03-30 16:58:54 209920 ----a-w- C:\windows\System32\profsvc.dll
2013-03-30 16:57:32 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-03-30 16:53:36 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2013-03-30 16:53:24 559104 ----a-w- C:\windows\System32\spoolsv.exe
2013-03-30 16:53:23 67072 ----a-w- C:\windows\splwow64.exe
2013-03-30 16:45:09 -------- d-----w- C:\Users\LMG\AppData\Local\CrashDumps
2013-03-30 16:37:00 -------- d-----w- C:\Users\LMG\AppData\Roaming\Dell
2013-03-30 16:36:55 -------- d-----w- C:\Users\LMG\AppData\Roaming\Fingertapps
2013-03-30 16:36:55 -------- d-----w- C:\Users\LMG\AppData\Local\BMExplorer
2013-03-30 16:36:51 -------- d-----w- C:\Users\LMG\AppData\Local\Dell
2013-03-30 16:36:49 -------- d-----w- C:\Users\LMG\AppData\Roaming\Intel Corporation
2013-03-30 16:36:19 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-30 16:36:18 -------- d-----w- C:\Users\LMG\AppData\Local\VirtualStore
2013-03-30 16:32:35 2622464 ----a-w- C:\windows\System32\wucltux.dll
2013-03-30 16:32:18 99840 ----a-w- C:\windows\System32\wudriver.dll
2013-03-30 16:14:57 -------- d-----w- C:\windows\SMINST
.
==================== Find3M  ====================
.
2013-03-30 18:19:43 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-01-31 03:18:18 432800 ----a-r- C:\windows\System32\drivers\N360x64\1403000.024\symnets.sys
2013-01-31 03:18:06 1139800 ----a-r- C:\windows\System32\drivers\N360x64\1403000.024\SymEFA64.sys
2013-01-29 01:45:19 796248 ----a-r- C:\windows\System32\drivers\N360x64\1403000.024\srtsp64.sys
2013-01-29 01:45:19 36952 ----a-r- C:\windows\System32\drivers\N360x64\1403000.024\srtspx64.sys
2013-01-22 02:15:33 493656 ----a-r- C:\windows\System32\drivers\N360x64\1403000.024\SymDS64.sys
2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 11:47:01.92 ===============

 



 


 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:45 AM

Posted 30 March 2013 - 06:51 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click
icon11.gif   Download and save it to a flash drive.  Note: You need the 64 bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:


  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Edited by RPMcMurphy, 30 March 2013 - 06:52 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 desertized

desertized
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:45 AM

Posted 30 March 2013 - 11:54 PM

I'm sorry to delay this action, but where you tell me to click on the little yellow icon and download the 64bit version, I am not getting anything except the image of the icon. I don't see "thread tools" anywhere either. Please advise. Thanks for your help on this.



#4 desertized

desertized
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:45 AM

Posted 31 March 2013 - 01:04 AM

OK, I did a search for frst64.exe and was able to continue.  Here is the log...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 17 days old)
Ran by SYSTEM at 30-03-2013 22:58:11
Running from G:\
Windows 7 Home Premium  Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ===================

2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\diMaster.dll" /prefetch:1 [551728 2013-02-06] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [1387608 2013-03-21] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-29] (Symantec Corporation)
3 EraserUtilDrv11220; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [138912 2013-03-29] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSvia64.sys [513184 2013-03-29] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130330.009\ENG64.SYS [126192 2013-03-29] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130330.009\EX64.SYS [2087664 2013-03-29] (Symantec Corporation)
3 SRTSP; C:\Windows\system32\drivers\N360x64\1403000.024\SRTSP64.SYS [796248 2013-01-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS [36952 2013-01-28] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\1403000.024\SYMDS64.SYS [493656 2013-01-21] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\1403000.024\SYMEFA64.SYS [1139800 2013-01-30] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-03-30] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS [224416 2012-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\N360x64\1403000.024\SYMNETS.SYS [432800 2013-01-30] (Symantec Corporation)
3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-30 22:58 - 2013-03-30 22:58 - 00000000 ____D C:\FRST
2013-03-30 20:06 - 2013-03-30 20:08 - 00000000 ____D C:\Program Files\Dell Support Center
2013-03-30 20:04 - 2013-03-30 20:06 - 00000000 ____D C:\Users\LMG\Application Data\PCDr
2013-03-30 20:04 - 2013-03-30 20:06 - 00000000 ____D C:\Users\LMG\AppData\Roaming\PCDr
2013-03-30 20:03 - 2013-03-30 20:07 - 00000000 ____D C:\ProgramData\PCDr
2013-03-30 11:14 - 2013-03-30 11:14 - 00001126 ____A C:\Users\LMG\Desktop\RKreport[1]_S_03302013_02d1135.zip
2013-03-30 11:13 - 2013-03-30 11:13 - 00001796 ____A C:\Users\LMG\Desktop\attach.zip
2013-03-30 10:53 - 2013-03-30 10:53 - 00020246 ____A C:\Users\LMG\Desktop\DDSnote.txt
2013-03-30 10:49 - 2013-03-30 10:49 - 00020246 ____A C:\Users\LMG\My Documents\DDS.txt
2013-03-30 10:49 - 2013-03-30 10:49 - 00020246 ____A C:\Users\LMG\Documents\DDS.txt
2013-03-30 10:47 - 2013-03-30 11:12 - 00020262 ____A C:\Users\LMG\Desktop\dds.txt
2013-03-30 10:47 - 2013-03-30 11:12 - 00004997 ____A C:\Users\LMG\Desktop\attach.txt
2013-03-30 10:44 - 2013-03-30 10:44 - 00688992 ____R (Swearware) C:\Users\LMG\Desktop\dds.com
2013-03-30 10:35 - 2013-03-30 10:35 - 00001810 ____A C:\Users\LMG\Desktop\RKreport[1]_S_03302013_02d1135.txt
2013-03-30 10:34 - 2013-03-30 10:35 - 00000000 ____D C:\Users\LMG\Desktop\RK_Quarantine
2013-03-30 10:34 - 2013-03-22 20:17 - 00890798 ____A C:\Users\LMG\Desktop\SecurityCheck.exe
2013-03-30 10:34 - 2013-03-21 21:16 - 00816128 ____A C:\Users\LMG\Desktop\RogueKiller.exe
2013-03-30 10:33 - 2013-03-24 12:48 - 04745728 ____A (AVAST Software) C:\Users\LMG\Desktop\aswMBR.exe
2013-03-30 10:33 - 2013-03-22 20:21 - 00688992 ____A (Swearware) C:\Users\LMG\Desktop\dds.scr
2013-03-30 10:33 - 2013-03-22 20:15 - 00050477 ____A C:\Users\LMG\Desktop\Defogger.exe
2013-03-30 10:32 - 2013-03-30 09:53 - 00609993 ____A C:\Users\LMG\Desktop\AdwCleaner.exe
2013-03-30 10:32 - 2013-03-24 12:49 - 00377856 ____A C:\Users\LMG\Desktop\630o4wzk.exe
2013-03-30 10:23 - 2013-03-30 09:44 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\LMG\Desktop\funlittleprogram.exe
2013-03-30 10:20 - 2013-03-30 10:20 - 00000000 ____D C:\Users\LMG\My Documents\Symantec
2013-03-30 10:20 - 2013-03-30 10:20 - 00000000 ____D C:\Users\LMG\Documents\Symantec
2013-03-30 10:19 - 2013-03-30 10:19 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-03-30 10:19 - 2013-03-30 10:19 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-03-30 10:19 - 2013-03-30 10:19 - 00002397 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Program Files\Symantec
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-03-30 10:17 - 2013-03-30 10:20 - 00000000 ____D C:\ProgramData\Norton
2013-03-30 10:17 - 2013-03-30 10:17 - 00001262 ____A C:\Users\LMG\Desktop\Norton Installation Files.lnk
2013-03-30 10:17 - 2013-03-30 10:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-03-30 10:10 - 2013-03-30 10:10 - 01019328 ____A (Symantec Corporation) C:\Users\LMG\Downloads\N360Downloader.exe
2013-03-30 10:05 - 2013-03-30 10:05 - 00000000 ____D C:\Users\LMG\Application Data\Adobe
2013-03-30 10:05 - 2013-03-30 10:05 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Adobe
2013-03-30 09:54 - 2013-03-30 09:54 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-30 09:54 - 2013-03-30 09:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-30 09:54 - 2013-03-30 09:54 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-30 09:54 - 2013-03-30 09:54 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-30 09:54 - 2013-03-30 09:54 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-03-30 09:54 - 2013-03-30 09:54 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-03-30 09:54 - 2013-03-30 09:54 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-03-30 09:54 - 2013-03-30 09:54 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-03-30 09:54 - 2013-03-30 09:54 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-03-30 09:54 - 2013-03-30 09:54 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-03-30 09:54 - 2013-03-30 09:54 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-03-30 09:53 - 2013-03-30 09:56 - 00007147 ____A C:\Windows\IE10_main.log
2013-03-30 09:53 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-03-30 09:53 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-03-30 09:53 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-03-30 09:53 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-03-30 09:53 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-03-30 09:53 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-03-30 09:53 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-03-30 09:53 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-03-30 09:53 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-03-30 09:53 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-03-30 09:53 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-03-30 09:53 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-03-30 09:53 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-03-30 09:53 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-03-30 09:53 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-03-30 09:53 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-03-30 09:53 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-03-30 09:53 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-03-30 09:53 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-03-30 09:53 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-03-30 09:53 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-03-30 09:53 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-03-30 09:53 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-03-30 09:53 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-03-30 09:53 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-03-30 09:50 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-03-30 09:50 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-30 09:50 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-03-30 09:50 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-03-30 09:50 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-03-30 09:50 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-03-30 09:50 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-03-30 09:50 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-03-30 09:50 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-03-30 09:50 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-03-30 09:50 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-03-30 09:50 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-03-30 09:50 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-03-30 09:50 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-03-30 09:50 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-03-30 09:50 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-03-30 09:50 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-03-30 09:50 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-03-30 09:50 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-03-30 09:50 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-03-30 09:50 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-03-30 09:50 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-03-30 09:50 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-03-30 09:50 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-03-30 09:50 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-03-30 09:50 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-03-30 09:50 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-03-30 09:50 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-03-30 09:50 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-03-30 09:50 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-03-30 09:50 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-03-30 09:50 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-03-30 09:50 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-03-30 09:50 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-03-30 09:50 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-03-30 09:50 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-03-30 09:50 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-03-30 09:50 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-03-30 09:50 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-03-30 09:50 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-03-30 09:50 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-03-30 09:50 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-03-30 09:50 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-03-30 09:50 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-03-30 09:50 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-03-30 09:34 - 2013-03-04 13:53 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-30 09:25 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-03-30 09:25 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-03-30 09:25 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-03-30 09:25 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-03-30 09:11 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-03-30 09:11 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-03-30 09:11 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-03-30 09:11 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-03-30 09:10 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-03-30 09:10 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-03-30 09:10 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-03-30 09:10 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-03-30 09:10 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-03-30 09:10 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-03-30 09:10 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-03-30 09:10 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-03-30 09:03 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-30 09:02 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-03-30 09:02 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-03-30 09:02 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-03-30 09:02 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-03-30 09:02 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-03-30 09:02 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-03-30 09:02 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-03-30 09:02 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-03-30 09:02 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-03-30 09:02 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-03-30 09:01 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-03-30 09:01 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-03-30 09:01 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-03-30 09:01 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-03-30 09:01 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-03-30 09:01 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-03-30 09:01 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-03-30 09:01 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-03-30 09:01 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-03-30 09:01 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-03-30 09:01 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-03-30 09:01 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-03-30 09:01 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-03-30 09:01 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-03-30 09:01 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-03-30 09:01 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-03-30 09:01 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-03-30 09:01 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-03-30 09:01 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-03-30 09:01 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-03-30 09:01 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-03-30 09:01 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-03-30 09:01 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-03-30 09:01 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-03-30 09:01 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-03-30 09:01 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-03-30 09:01 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-03-30 09:00 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-03-30 09:00 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-03-30 09:00 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-03-30 09:00 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-03-30 08:59 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-30 08:59 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-03-30 08:59 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-03-30 08:59 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-30 08:59 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-03-30 08:59 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-03-30 08:59 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-03-30 08:59 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-03-30 08:59 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-03-30 08:59 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-03-30 08:59 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-03-30 08:59 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-03-30 08:59 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-03-30 08:59 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-03-30 08:59 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-03-30 08:59 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-03-30 08:59 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-03-30 08:59 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-03-30 08:59 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-03-30 08:59 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-03-30 08:59 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-03-30 08:59 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-03-30 08:59 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-03-30 08:59 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-03-30 08:59 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-03-30 08:59 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-03-30 08:59 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-03-30 08:59 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-03-30 08:59 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-03-30 08:59 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-03-30 08:59 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2013-03-30 08:59 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-03-30 08:59 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-03-30 08:59 - 2011-04-08 22:58 - 00142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-03-30 08:59 - 2011-04-08 21:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-03-30 08:59 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-03-30 08:59 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-03-30 08:58 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-30 08:58 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-03-30 08:58 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-03-30 08:58 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-03-30 08:58 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-03-30 08:58 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-03-30 08:58 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-30 08:58 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-03-30 08:58 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-03-30 08:58 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-03-30 08:58 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-03-30 08:58 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-03-30 08:58 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-03-30 08:58 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-03-30 08:58 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-03-30 08:58 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-03-30 08:58 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-03-30 08:58 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-03-30 08:58 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-03-30 08:58 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-03-30 08:58 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-03-30 08:58 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-03-30 08:58 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-03-30 08:58 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-03-30 08:58 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-03-30 08:58 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-03-30 08:58 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-03-30 08:58 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-03-30 08:58 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-03-30 08:58 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2013-03-30 08:58 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2013-03-30 08:58 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2013-03-30 08:58 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2013-03-30 08:58 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-03-30 08:57 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-03-30 08:57 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-03-30 08:53 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2013-03-30 08:53 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2013-03-30 08:53 - 2011-02-22 20:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-03-30 08:45 - 2013-03-30 10:28 - 00000000 ____D C:\Users\LMG\Local Settings\CrashDumps
2013-03-30 08:45 - 2013-03-30 10:28 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\CrashDumps
2013-03-30 08:45 - 2013-03-30 10:28 - 00000000 ____D C:\Users\LMG\AppData\Local\CrashDumps
2013-03-30 08:37 - 2013-03-30 08:37 - 00000000 ____D C:\Users\LMG\Application Data\Dell
2013-03-30 08:37 - 2013-03-30 08:37 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Dell
2013-03-30 08:36 - 2013-03-30 08:41 - 00000000 ____D C:\Users\LMG\Application Data\Creative
2013-03-30 08:36 - 2013-03-30 08:41 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Creative
2013-03-30 08:36 - 2013-03-30 08:37 - 00000000 ____D C:\Users\LMG\Local Settings\Dell
2013-03-30 08:36 - 2013-03-30 08:37 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\Dell
2013-03-30 08:36 - 2013-03-30 08:37 - 00000000 ____D C:\Users\LMG\AppData\Local\Dell
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\My Documents\Bluetooth Folder
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\VirtualStore
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\BMExplorer
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\VirtualStore
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\BMExplorer
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Documents\Bluetooth Folder
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Application Data\Leadertech
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Application Data\Intel Corporation
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Leadertech
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Intel Corporation
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Local\VirtualStore
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Local\BMExplorer
2013-03-30 08:32 - 2013-03-30 09:47 - 00058016 ____A C:\Users\LMG\Local Settings\GDIPFONTCACHEV1.DAT
2013-03-30 08:32 - 2013-03-30 09:47 - 00058016 ____A C:\Users\LMG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-03-30 08:32 - 2013-03-30 09:47 - 00058016 ____A C:\Users\LMG\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-30 08:32 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-03-30 08:32 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-03-30 08:32 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-03-30 08:32 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-03-30 08:32 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-03-30 08:31 - 2013-03-30 08:36 - 00000000 ____D C:\users\LMG
2013-03-30 08:31 - 2013-03-30 08:31 - 00000020 ___SH C:\Users\LMG\ntuser.ini
2013-03-30 08:31 - 2013-03-30 08:31 - 00000000 ____D C:\Users\LMG\Local Settings\SoftThinks
2013-03-30 08:31 - 2013-03-30 08:31 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\SoftThinks
2013-03-30 08:31 - 2013-03-30 08:31 - 00000000 ____D C:\Users\LMG\AppData\Local\SoftThinks
2013-03-30 08:31 - 2012-06-18 18:29 - 00000000 ____D C:\Users\LMG\Application Data\Macromedia
2013-03-30 08:31 - 2012-06-18 18:29 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Macromedia
2013-03-30 08:31 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-03-30 08:31 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-03-30 08:14 - 2013-03-30 08:34 - 00000000 ____D C:\Windows\SMINST

==================== One Month Modified Files and Folders =======

2013-03-30 22:58 - 2013-03-30 22:58 - 00000000 ____D C:\FRST
2013-03-30 20:20 - 2012-06-18 18:18 - 01838709 ____A C:\Windows\WindowsUpdate.log
2013-03-30 20:18 - 2012-06-18 18:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-30 20:17 - 2009-07-13 20:51 - 00045325 ____A C:\Windows\setupact.log
2013-03-30 20:14 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-30 20:08 - 2013-03-30 20:06 - 00000000 ____D C:\Program Files\Dell Support Center
2013-03-30 20:07 - 2013-03-30 20:03 - 00000000 ____D C:\ProgramData\PCDr
2013-03-30 20:06 - 2013-03-30 20:04 - 00000000 ____D C:\Users\LMG\Application Data\PCDr
2013-03-30 20:06 - 2013-03-30 20:04 - 00000000 ____D C:\Users\LMG\AppData\Roaming\PCDr
2013-03-30 13:03 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-30 13:03 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-30 13:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-03-30 11:14 - 2013-03-30 11:14 - 00001126 ____A C:\Users\LMG\Desktop\RKreport[1]_S_03302013_02d1135.zip
2013-03-30 11:13 - 2013-03-30 11:13 - 00001796 ____A C:\Users\LMG\Desktop\attach.zip
2013-03-30 11:12 - 2013-03-30 10:47 - 00020262 ____A C:\Users\LMG\Desktop\dds.txt
2013-03-30 11:12 - 2013-03-30 10:47 - 00004997 ____A C:\Users\LMG\Desktop\attach.txt
2013-03-30 10:53 - 2013-03-30 10:53 - 00020246 ____A C:\Users\LMG\Desktop\DDSnote.txt
2013-03-30 10:49 - 2013-03-30 10:49 - 00020246 ____A C:\Users\LMG\My Documents\DDS.txt
2013-03-30 10:49 - 2013-03-30 10:49 - 00020246 ____A C:\Users\LMG\Documents\DDS.txt
2013-03-30 10:44 - 2013-03-30 10:44 - 00688992 ____R (Swearware) C:\Users\LMG\Desktop\dds.com
2013-03-30 10:35 - 2013-03-30 10:35 - 00001810 ____A C:\Users\LMG\Desktop\RKreport[1]_S_03302013_02d1135.txt
2013-03-30 10:35 - 2013-03-30 10:34 - 00000000 ____D C:\Users\LMG\Desktop\RK_Quarantine
2013-03-30 10:28 - 2013-03-30 08:45 - 00000000 ____D C:\Users\LMG\Local Settings\CrashDumps
2013-03-30 10:28 - 2013-03-30 08:45 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\CrashDumps
2013-03-30 10:28 - 2013-03-30 08:45 - 00000000 ____D C:\Users\LMG\AppData\Local\CrashDumps
2013-03-30 10:28 - 2012-06-18 18:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-03-30 10:27 - 2010-11-20 19:47 - 00011916 ____A C:\Windows\PFRO.log
2013-03-30 10:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-30 10:20 - 2013-03-30 10:20 - 00000000 ____D C:\Users\LMG\My Documents\Symantec
2013-03-30 10:20 - 2013-03-30 10:20 - 00000000 ____D C:\Users\LMG\Documents\Symantec
2013-03-30 10:20 - 2013-03-30 10:17 - 00000000 ____D C:\ProgramData\Norton
2013-03-30 10:19 - 2013-03-30 10:19 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-03-30 10:19 - 2013-03-30 10:19 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-03-30 10:19 - 2013-03-30 10:19 - 00002397 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Program Files\Symantec
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-03-30 10:19 - 2013-03-30 10:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-03-30 10:17 - 2013-03-30 10:17 - 00001262 ____A C:\Users\LMG\Desktop\Norton Installation Files.lnk
2013-03-30 10:17 - 2013-03-30 10:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-03-30 10:15 - 2012-06-18 18:45 - 00000000 ____D C:\ProgramData\McAfee
2013-03-30 10:10 - 2013-03-30 10:10 - 01019328 ____A (Symantec Corporation) C:\Users\LMG\Downloads\N360Downloader.exe
2013-03-30 10:05 - 2013-03-30 10:05 - 00000000 ____D C:\Users\LMG\Application Data\Adobe
2013-03-30 10:05 - 2013-03-30 10:05 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Adobe
2013-03-30 10:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-03-30 10:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-03-30 10:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-03-30 10:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-03-30 10:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-03-30 09:56 - 2013-03-30 09:53 - 00007147 ____A C:\Windows\IE10_main.log
2013-03-30 09:54 - 2013-03-30 09:54 - 19221504 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 15407616 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 14317568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-30 09:54 - 2013-03-30 09:54 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-30 09:54 - 2013-03-30 09:54 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-30 09:54 - 2013-03-30 09:54 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-30 09:54 - 2013-03-30 09:54 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-03-30 09:54 - 2013-03-30 09:54 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-03-30 09:54 - 2013-03-30 09:54 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00526848 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-03-30 09:54 - 2013-03-30 09:54 - 00391680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-03-30 09:54 - 2013-03-30 09:54 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-03-30 09:54 - 2013-03-30 09:54 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-03-30 09:54 - 2013-03-30 09:54 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-03-30 09:54 - 2013-03-30 09:54 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-03-30 09:54 - 2013-03-30 09:54 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-03-30 09:53 - 2013-03-30 10:32 - 00609993 ____A C:\Users\LMG\Desktop\AdwCleaner.exe
2013-03-30 09:47 - 2013-03-30 08:32 - 00058016 ____A C:\Users\LMG\Local Settings\GDIPFONTCACHEV1.DAT
2013-03-30 09:47 - 2013-03-30 08:32 - 00058016 ____A C:\Users\LMG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-03-30 09:47 - 2013-03-30 08:32 - 00058016 ____A C:\Users\LMG\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-30 09:45 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-30 09:44 - 2013-03-30 10:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\LMG\Desktop\funlittleprogram.exe
2013-03-30 09:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-03-30 09:43 - 2012-06-18 21:10 - 00000000 ____D C:\Program Files\Windows Journal
2013-03-30 09:33 - 2012-06-08 00:48 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-03-30 08:44 - 2012-06-18 18:35 - 00000000 ____D C:\Program Files (x86)\Dell
2013-03-30 08:44 - 2012-06-18 18:27 - 00000000 ____D C:\ProgramData\Dell
2013-03-30 08:42 - 2012-06-18 22:02 - 00000000 ____D C:\Dell
2013-03-30 08:41 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Application Data\Creative
2013-03-30 08:41 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Creative
2013-03-30 08:38 - 2012-06-18 18:48 - 00015652 ____A C:\Windows\RPSETUP.EXE.LOG
2013-03-30 08:37 - 2013-03-30 08:37 - 00000000 ____D C:\Users\LMG\Application Data\Dell
2013-03-30 08:37 - 2013-03-30 08:37 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Dell
2013-03-30 08:37 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\Dell
2013-03-30 08:37 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\Dell
2013-03-30 08:37 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Local\Dell
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\My Documents\Bluetooth Folder
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\VirtualStore
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\BMExplorer
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\VirtualStore
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\BMExplorer
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Documents\Bluetooth Folder
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Application Data\Leadertech
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\Application Data\Intel Corporation
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Leadertech
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Roaming\Intel Corporation
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Local\VirtualStore
2013-03-30 08:36 - 2013-03-30 08:36 - 00000000 ____D C:\Users\LMG\AppData\Local\BMExplorer
2013-03-30 08:36 - 2013-03-30 08:31 - 00000000 ____D C:\users\LMG
2013-03-30 08:36 - 2012-06-18 18:59 - 00000000 ____D C:\ProgramData\Atheros
2013-03-30 08:36 - 2012-06-08 02:59 - 00000000 ___AD C:\Windows\WisTools
2013-03-30 08:34 - 2013-03-30 08:14 - 00000000 ____D C:\Windows\SMINST
2013-03-30 08:31 - 2013-03-30 08:31 - 00000020 ___SH C:\Users\LMG\ntuser.ini
2013-03-30 08:31 - 2013-03-30 08:31 - 00000000 ____D C:\Users\LMG\Local Settings\SoftThinks
2013-03-30 08:31 - 2013-03-30 08:31 - 00000000 ____D C:\Users\LMG\Local Settings\Application Data\SoftThinks
2013-03-30 08:31 - 2013-03-30 08:31 - 00000000 ____D C:\Users\LMG\AppData\Local\SoftThinks
2013-03-30 08:31 - 2012-06-18 18:59 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-03-24 12:49 - 2013-03-30 10:32 - 00377856 ____A C:\Users\LMG\Desktop\630o4wzk.exe
2013-03-24 12:48 - 2013-03-30 10:33 - 04745728 ____A (AVAST Software) C:\Users\LMG\Desktop\aswMBR.exe
2013-03-22 20:21 - 2013-03-30 10:33 - 00688992 ____A (Swearware) C:\Users\LMG\Desktop\dds.scr
2013-03-22 20:17 - 2013-03-30 10:34 - 00890798 ____A C:\Users\LMG\Desktop\SecurityCheck.exe
2013-03-22 20:15 - 2013-03-30 10:33 - 00050477 ____A C:\Users\LMG\Desktop\Defogger.exe
2013-03-21 21:16 - 2013-03-30 10:34 - 00816128 ____A C:\Users\LMG\Desktop\RogueKiller.exe
2013-03-04 13:53 - 2013-03-30 09:34 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 6052.27 MB
Available physical RAM: 5064.8 MB
Total Pagefile: 6050.47 MB
Available Pagefile: 5060.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:97.65 GB) (Free:70.31 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:19.53 GB) (Free:11.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (ALCHEMY) (Fixed) (Total:812.33 GB) (Free:812.22 GB) NTFS
5 Drive g: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
6 Drive h: () (Removable) (Total:7.46 GB) (Free:5.6 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B        
  Disk 1    Online         3819 MB  1920 KB        *
  Disk 2    Online         7644 MB      0 B        

Partitions of Disk 0:
===============

Disk ID: 37BEBF00

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               2047 MB    31 KB
  Partition 2    Primary             19 GB  2047 MB
  Partition 3    Primary             97 GB    21 GB
  Partition 4    Primary            812 GB   119 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6                      NTFS   Partition   2047 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     E   Recovery     NTFS   Partition     19 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition     97 GB  Healthy           

=========================================================

Disk: 0
Partition 4
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   ALCHEMY      NTFS   Partition    812 GB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: {7BA219A1-DE85-4E9C-AB07-B4390638A79B}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3817 MB    64 KB

==================================================================================

Disk: 1
Partition 1
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT32  Removable   3817 MB  Healthy           

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7640 MB  4096 KB

==================================================================================

Disk: 2
Partition 1
Type  : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT32  Removable   7640 MB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 37BEBF00

Partition 1:
=========
Hex: 00010100DEFE7F043F00000086FA3F00
Active: NO
Type: DE
Size: 2 GB

Partition 2:
=========
Hex: 8000410507FEFFFFC5FA3F00B5D77002
Active: YES
Type: 07 (NTFS)
Size: 20 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF7AD2B002CCF2340C
Active: NO
Type: 07 (NTFS)
Size: 98 GB

Partition 4:
=========
Hex: 00FEFFFF07FEFFFF46C5E50E7B948A65
Active: NO
Type: 07 (NTFS)
Size: 812 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 00000200EEFFFFFF01000000FFFFFFFF
Active: NO
Type: EE
Size: -512 byte

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 008203000B78EACE0020000000C0EE00
Active: NO
Type: 0B
Size: 7 GB


Last Boot: 2013-03-30 11:58

==================== End Of Log =============================



#5 RPMcMurphy

Posted 31 March 2013 - 12:15 PM

Please do this next:

 

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 desertized


Posted 31 March 2013 - 01:39 PM

The program found nothing to clean up.  Here is the log...

 

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6346268672, free: 4108083200

------------ Kernel report ------------
     03/31/2013 10:27:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMNETS.SYS
\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130329.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130330.009\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130330.009\ENG64.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\WINDOWS\System32\ntdll.dll
\WINDOWS\System32\smss.exe
\WINDOWS\System32\apisetschema.dll
\WINDOWS\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8009149060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xfffffa8008fbbaa0
Lower Device Driver Name: \Driver\RSUSBSTOR\
Driver name found: RSUSBSTOR
Load Function returned 0xc0000001
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800595f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa800595b550
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007843060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005984050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.31.04
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007843060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007843b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007843060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800596e2e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005984050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a014319250, 0xfffffa8007843060, 0xfffffa80078ed790
Lower DeviceData: 0xfffff8a0143e4a80, 0xfffffa8005984050, 0xfffffa800a977090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 37BEBF00

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 4192902

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 4192965  Numsec = 40949685
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 45142650  Numsec = 204796620

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 249939270  Numsec = 1703580795

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800595f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800595fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800595f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800595b550, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00f9b5530, 0xfffffa800595f060, 0xfffffa80078be090
Lower DeviceData: 0xfffff8a013909cf0, 0xfffffa800595b550, 0xfffffa8005632090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 340852965
    GPT Header CurrentLba = 1 BackupLba 7821311
    GPT Header FirstUsableLba 34  LastUsableLba 7821278
    GPT Header Guid 7ba219a1-de85-4e9c-ab7-b439638a79b
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 340852965
    Backup GPT header CurrentLba = 7821311 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 7821278
    Backup GPT header Guid 7ba219a1-de85-4e9c-ab7-b439638a79b
    Backup GPT header Contains 128 partition entries starting at LBA 7821279
    Backup GPT header Partition entry size = 128

    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 9bc0303b-a95a-46f5-9caa-3af7135e497f
    FirstLBA 128  Last LBA 7817343
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 4004511744 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8009149060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009149b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009149060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008fbbaa0, DeviceName: \Device\00000082\, DriverName: \Driver\RSUSBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8192  Numsec = 15646720

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 8015314944 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================



#7 RPMcMurphy


Posted 31 March 2013 - 04:27 PM

Run this for me, please:

 

 

Go to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.


#8 desertized

Posted 31 March 2013 - 05:41 PM

Two threats found.  I exported the info to a text file.  Here is the info...

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

     



#9 RPMcMurphy

Posted 01 April 2013 - 03:07 PM

Those ESET detections are false positives that get flagged because of their hidden start properties.  In this case they are legitimate files related to your Dell DataSafe.

I have mixed news for you.  I see no signs of malware in any of your logs.  Additionally, if you used Darik's Boot and Nuke, that would have removed any malware from your machine (including TDSS and MBR infections).

While this is good news, I realize that it doesn't solve your issues with that drive.  I'd recommend that you look for help in our hardware forums that you can find HERE, or possibly check with Seagate's support.




#10 RPMcMurphy

Posted 10 April 2013 - 12:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
