
Gmer log.. ZW and SSDT Rootkit Detected


31 replies to this topic

#1 kcp

kcp

  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:41 AM

Posted 10 August 2014 - 04:00 PM

Hello, I hope someone can help me. I have been having issues with slow page loading and random freezes of the computer. I scanned with Avast and it says I am secure... I scanned with GMER and this is the log... I don't know how to remove it using GMER. Can someone help, please?

 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-09 01:20:13
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK3018GAP rev.M2.01_A 27.95GB
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\agxdapob.sys
 
 
---- System - GMER 2.1 ----
 
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwAddBootEntry [0xA8535BA6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwAssignProcessToJobObject [0xA8536684]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwClose [0xA857AD80]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateEvent [0xA85426F8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateEventPair [0xA8542744]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateIoCompletion [0xA85428DE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateKey [0xA857A734]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateMutant [0xA8542666]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateSection [0xA8542788]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateSemaphore [0xA85426AE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateThread [0xA8536BBA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwCreateTimer [0xA8542898]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwDebugActiveProcess [0xA8537472]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwDeleteBootEntry [0xA8535C0C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwDeleteKey [0xA857B446]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwDeleteValueKey [0xA857B6FC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwDuplicateObject [0xA853AC68]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwEnumerateKey [0xA857B2B1]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwEnumerateValueKey [0xA857B11C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwLoadDriver [0xA85357F8]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                        ZwMapViewOfSection [0xA87ABED0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwModifyBootEntry [0xA8535C72]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwNotifyChangeKey [0xA853B05E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwNotifyChangeMultipleKeys [0xA8537F5A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenEvent [0xA8542722]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenEventPair [0xA8542766]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenIoCompletion [0xA8542902]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenKey [0xA857AA90]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenMutant [0xA854268C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenProcess [0xA853A560]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenSection [0xA8542816]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenSemaphore [0xA85426D6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenThread [0xA853A94C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwOpenTimer [0xA85428BC]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                        ZwProtectVirtualMemory [0xA87ABC6E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwQueryKey [0xA857AF97]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwQueryObject [0xA8537DCE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwQueryValueKey [0xA857ADE9]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwQueueApcThread [0xA8537924]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                        ZwRenameKey [0xA87B9E1A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwRestoreKey [0xA8579D77]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSetBootEntryOrder [0xA8535CD8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSetBootOptions [0xA8535D3E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSetContextThread [0xA85372EC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSetSystemInformation [0xA8535892]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSetSystemPowerState [0xA8535A64]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSetValueKey [0xA857B54D]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwShutdownSystem [0xA85359F2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSuspendProcess [0xA853763C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSuspendThread [0xA853779E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwSystemDebugControl [0xA8535AEC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwTerminateProcess [0xA853712A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwTerminateThread [0xA85372CC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwVdmControl [0xA8535DA4]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                       ZwWriteVirtualMemory [0xA85366E0]
 
---- Kernel code sections - GMER 2.1 ----
 
.text  ntoskrnl.exe!_abnormal_termination + F0                                                                       804E274C 2 Bytes  [34, A7] {XOR AL, 0xa7}
.text  ntoskrnl.exe!_abnormal_termination + F3                                                                       804E274F 1 Byte  [A8]
.text  ntoskrnl.exe!_abnormal_termination + 168                                                                      804E27C4 2 Bytes  [B1, B2] {MOV CL, 0xb2}
.text  ntoskrnl.exe!_abnormal_termination + 16B                                                                      804E27C7 1 Byte  [A8]
.text  ntoskrnl.exe!_abnormal_termination + 2CC                                                                      804E2928 2 Bytes  [97, AF] {XCHG EDI, EAX; SCASD }
.text  ...                                                                                                           
PAGE   ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                   8056B712 4 Bytes  CALL A853862B \SystemRoot\system32\drivers\aswSnx.sys
LCODE  C:\WINDOWS\system32\DRIVERS\pcx500.sys                                                                        entry point in "LCODE" section [0xBABF57A8]
 
---- User code sections - GMER 2.1 ----
 
.text  C:\Program Files\Google\Update\GoogleUpdate.exe[448] ntdll.dll!RtlDosSearchPath_U + 1D1                       7C9171AA 1 Byte  [62]
.text  C:\Program Files\Google\Update\GoogleUpdate.exe[448] kernel32.dll!GetBinaryTypeW + 80                         7C868C2C 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1                     7C9171AA 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[516] kernel32.dll!SetUnhandledExceptionFilter               7C8449FD 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[516] kernel32.dll!GetBinaryTypeW + 80                       7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\System32\smss.exe[644] ntdll.dll!RtlDosSearchPath_U + 1D1                                          7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!RtlDosSearchPath_U + 1D1                                       7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!GetBinaryTypeW + 80                                         7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[764] ntdll.dll!RtlDosSearchPath_U + 1D1                                         7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!GetBinaryTypeW + 80                                           7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1                                         7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!GetBinaryTypeW + 80                                           7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\Ati2evxx.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1                                     7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\Ati2evxx.exe[1036] kernel32.dll!GetBinaryTypeW + 80                                       7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\System32\alg.exe[1344] ntdll.dll!RtlDosSearchPath_U + 1D1                                          7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\System32\alg.exe[1344] kernel32.dll!GetBinaryTypeW + 80                                            7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!RtlDosSearchPath_U + 1D1                                              7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!GetBinaryTypeW + 80                                                7C868C2C 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1712] ntdll.dll!RtlDosSearchPath_U + 1D1                   7C9171AA 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1712] kernel32.dll!SetUnhandledExceptionFilter             7C8449FD 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1712] kernel32.dll!GetBinaryTypeW + 80                     7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\unsecapp.exe[2392] ntdll.dll!RtlDosSearchPath_U + 1D1                                7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\unsecapp.exe[2392] kernel32.dll!GetBinaryTypeW + 80                                  7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!RtlDosSearchPath_U + 1D1                                7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] kernel32.dll!GetBinaryTypeW + 80                                  7C868C2C 1 Byte  [62]
.text  C:\Documents and Settings\Administrator\Desktop\gmer.exe[3360] ntdll.dll!RtlDosSearchPath_U + 1D1             7C9171AA 1 Byte  [62]
.text  C:\Documents and Settings\Administrator\Desktop\gmer.exe[3360] kernel32.dll!GetBinaryTypeW + 80               7C868C2C 1 Byte  [62]
.text  C:\WINDOWS\system32\taskmgr.exe[4060] ntdll.dll!RtlDosSearchPath_U + 1D1                                      7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\taskmgr.exe[4060] kernel32.dll!GetBinaryTypeW + 80                                        7C868C2C 1 Byte  [62]
 
---- User IAT/EAT - GMER 2.1 ----
 
IAT    C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00380002
IAT    C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        00380000
 
---- Registry - GMER 2.1 ----
 
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                            15
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                               10000
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                             yes
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                            
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                            90
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                              10000
 
---- EOF - GMER 2.1 ----
 



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • Gender:Male
  • Local time:04:41 AM

Posted 15 August 2014 - 04:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543970 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kcp

kcp
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:41 AM

Posted 17 August 2014 - 12:58 AM

Thank you for the response. I have downloaded DDS and will post the log in a few minutes.



#4 kcp

kcp
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:41 AM

Posted 17 August 2014 - 04:32 AM

Could not get DDS to run... I have XP SP3 with 1.5 gigs of RAM and a P4 chip.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:41 AM

Posted 17 August 2014 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
If you have CD Emulator software (Daemon Tools, Alcohol etc.) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits and the legitimate drivers used by CD Emulators.
 
Disable the CD emulators....
 
Please download DeFogger to your desktop.
 
Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
 
Do not re-enable these drivers until otherwise instructed, or until this computer is clean.
 
HOW TO: Enable the CD Emulators...  < restore only when we are finished.
 
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
 
Your Emulation drivers are now re-enabled.
===
 
Read carefully and follow these steps.
TDSS
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
 
===
 
Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
 
There shall also be a file on your desktop named MBR.dat.  Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
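
The difficulty described in the post above, telling hooks placed by legitimate drivers apart from rootkit hooks in a raw scan, becomes easier when GMER's SSDT lines are grouped by the driver that owns each hook and each driver is looked up in the TDSSKiller service scan. This is an added example, not part of the original thread: the function names are this example's own, the log lines are copied from the logs posted in this topic, and `example_unlisted.sys` is a constructed driver name used to show the "needs review" path.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules regardless of host OS

# Subset of the GMER SSDT section posted in this topic.
GMER_FROM_THREAD = r"""
SSDT   \SystemRoot\system32\drivers\aswSnx.sys    ZwAddBootEntry [0xA8535BA6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys    ZwClose [0xA857AD80]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys    ZwLoadDriver [0xA85357F8]
SSDT   \SystemRoot\system32\drivers\aswSP.sys     ZwMapViewOfSection [0xA87ABED0]
SSDT   \SystemRoot\system32\drivers\aswSP.sys     ZwProtectVirtualMemory [0xA87ABC6E]
SSDT   \SystemRoot\system32\drivers\aswSP.sys     ZwRenameKey [0xA87B9E1A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys    ZwWriteVirtualMemory [0xA85366E0]
"""

# CONSTRUCTED line (not from the thread): a hook owner with no TDSSKiller entry.
GMER_CONSTRUCTED = r"""
SSDT   \SystemRoot\system32\drivers\example_unlisted.sys    ZwQuerySystemInformation [0xF0000000]
"""

# Subset of the TDSSKiller service scan posted in this topic.
TDSS_FROM_THREAD = r"""
23:29:25.0882 0x0ed8  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
23:29:25.0922 0x0ed8  aswSnx - ok
23:29:26.0172 0x0ed8  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
23:29:26.0202 0x0ed8  aswSP - ok
"""

SSDT_RE = re.compile(r"^SSDT\s+(.+?\.sys)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]\s*$", re.I)
# "[ md5, sha256 ] <service name>   <image path>"
TDSS_OBJ_RE = re.compile(r"\]\s+(.+?)\s+([A-Za-z]:\\.+?)\s*$")
# "<time> <thread id>  <service name> - <verdict>"
TDSS_VERDICT_RE = re.compile(r"^\S+\s+0x[0-9a-fA-F]+\s+(.+?) - (\S+)\s*$")


def ssdt_hooks_by_driver(gmer_text):
    """Return {driver path: [(service name, hook address), ...]}."""
    hooks = defaultdict(list)
    for line in gmer_text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[m.group(1)].append((m.group(2), int(m.group(3), 16)))
    return hooks


def tdss_verdicts(tdss_text):
    """Return {driver file name (lowercase): TDSSKiller verdict}."""
    service_to_file, verdicts = {}, {}
    for line in tdss_text.splitlines():
        line = line.strip()
        m = TDSS_OBJ_RE.search(line)
        if m:
            service_to_file[m.group(1)] = basename(m.group(2)).lower()
            continue
        m = TDSS_VERDICT_RE.match(line)
        if m and m.group(1) in service_to_file:
            verdicts[service_to_file[m.group(1)]] = m.group(2)
    return verdicts


def triage(gmer_text, tdss_text):
    """One summary row per hooking driver.

    Drivers are matched between the two logs by file name only, and "ok"
    means only that TDSSKiller did not flag the file; neither is proof that
    the driver is legitimate. Rows with review=True need a closer look.
    """
    verdicts = tdss_verdicts(tdss_text)
    rows = []
    for path, entries in sorted(ssdt_hooks_by_driver(gmer_text).items()):
        addrs = [addr for _, addr in entries]
        verdict = verdicts.get(basename(path).lower(), "not in TDSSKiller log")
        rows.append({
            "driver": path,
            "hooks": len(entries),
            "span": (min(addrs), max(addrs)),  # lowest/highest hook address
            "tdsskiller": verdict,
            "review": verdict != "ok",
        })
    return rows


if __name__ == "__main__":
    for row in triage(GMER_FROM_THREAD + GMER_CONSTRUCTED, TDSS_FROM_THREAD):
        lo, hi = row["span"]
        flag = "REVIEW" if row["review"] else "      "
        print(f"{flag} {row['hooks']:3d} hooks  0x{lo:08X}-0x{hi:08X}  "
              f"{row['tdsskiller']:<22} {row['driver']}")
```
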
 


#6 kcp

kcp
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:41 AM

Posted 17 August 2014 - 02:07 PM

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:28 on 03/01/1980 (Administrator)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
 
 
-=E.O.F=-

23:28:57.0551 0x0c08  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:29:09.0638 0x0c08  ============================================================
23:29:09.0648 0x0c08  Current date / time: 1980/01/03 23:29:09.0638
23:29:09.0648 0x0c08  SystemInfo:
23:29:09.0648 0x0c08  
23:29:09.0648 0x0c08  OS Version: 5.1.2600 ServicePack: 3.0
23:29:09.0648 0x0c08  Product type: Workstation
23:29:09.0648 0x0c08  ComputerName: OWN-CB0A44EAA34
23:29:09.0648 0x0c08  UserName: Administrator
23:29:09.0648 0x0c08  Windows directory: C:\WINDOWS
23:29:09.0648 0x0c08  System windows directory: C:\WINDOWS
23:29:09.0648 0x0c08  Processor architecture: Intel x86
23:29:09.0648 0x0c08  Number of processors: 1
23:29:09.0648 0x0c08  Page size: 0x1000
23:29:09.0648 0x0c08  Boot type: Normal boot
23:29:09.0648 0x0c08  ============================================================
23:29:14.0125 0x0c08  KLMD registered as C:\WINDOWS\system32\drivers\93796266.sys
23:29:15.0407 0x0c08  System UUID: {42D0B253-A7D7-1F33-D102-207734CEF42B}
23:29:19.0302 0x0c08  Drive \Device\Harddisk0\DR0 - Size: 0x6FC7C8000 ( 27.95 Gb ), SectorSize: 0x200, Cylinders: 0xF24, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:29:19.0312 0x0c08  ============================================================
23:29:19.0312 0x0c08  \Device\Harddisk0\DR0:
23:29:19.0312 0x0c08  MBR partitions:
23:29:19.0312 0x0c08  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37E3E01
23:29:19.0312 0x0c08  ============================================================
23:29:19.0382 0x0c08  C: <-> \Device\Harddisk0\DR0\Partition1
23:29:19.0382 0x0c08  ============================================================
23:29:19.0382 0x0c08  Initialize success
23:29:19.0382 0x0c08  ============================================================
23:29:21.0876 0x0ed8  ============================================================
23:29:21.0876 0x0ed8  Scan started
23:29:21.0876 0x0ed8  Mode: Manual; 
23:29:21.0876 0x0ed8  ============================================================
23:29:21.0876 0x0ed8  KSN ping started
23:29:22.0216 0x0ed8  KSN ping finished: true
23:29:23.0508 0x0ed8  ================ Scan system memory ========================
23:29:23.0508 0x0ed8  System memory - ok
23:29:23.0518 0x0ed8  ================ Scan services =============================
23:29:23.0558 0x0ed8  A2DDA - ok
23:29:23.0799 0x0ed8  Abiosdsk - ok
23:29:23.0819 0x0ed8  abp480n5 - ok
23:29:23.0949 0x0ed8  [ 0F2D66D5F08EBE2F77BB904288DCF6F0, 5969A64B6995DCAF16F9A76BD1235472F76D71DFE629B956221D2C3D73EDF98A ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
23:29:23.0959 0x0ed8  ac97intc - ok
23:29:24.0219 0x0ed8  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:29:24.0229 0x0ed8  ACPI - ok
23:29:24.0289 0x0ed8  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:29:24.0289 0x0ed8  ACPIEC - ok
23:29:24.0309 0x0ed8  adpu160m - ok
23:29:24.0390 0x0ed8  [ 3CB6AE5435987B1F8C83FD2730479878, 4DACBB2381717E8250F8BA6FACAFF56143EC4A13F4917C3B0B85F1A267DD6673 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
23:29:24.0430 0x0ed8  aeaudio - ok
23:29:24.0560 0x0ed8  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:29:24.0570 0x0ed8  aec - ok
23:29:24.0700 0x0ed8  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:29:24.0710 0x0ed8  AFD - ok
23:29:24.0800 0x0ed8  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
23:29:24.0810 0x0ed8  agp440 - ok
23:29:24.0830 0x0ed8  Aha154x - ok
23:29:24.0850 0x0ed8  aic78u2 - ok
23:29:24.0860 0x0ed8  aic78xx - ok
23:29:24.0930 0x0ed8  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:29:24.0940 0x0ed8  Alerter - ok
23:29:25.0000 0x0ed8  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
23:29:25.0000 0x0ed8  ALG - ok
23:29:25.0020 0x0ed8  AliIde - ok
23:29:25.0040 0x0ed8  amsint - ok
23:29:25.0131 0x0ed8  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:29:25.0191 0x0ed8  AppMgmt - ok
23:29:25.0261 0x0ed8  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:29:25.0261 0x0ed8  Arp1394 - ok
23:29:25.0281 0x0ed8  asc - ok
23:29:25.0301 0x0ed8  asc3350p - ok
23:29:25.0321 0x0ed8  asc3550 - ok
23:29:25.0391 0x0ed8  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
23:29:25.0391 0x0ed8  aswHwid - ok
23:29:25.0451 0x0ed8  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
23:29:25.0461 0x0ed8  aswMonFlt - ok
23:29:25.0521 0x0ed8  [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
23:29:25.0521 0x0ed8  aswRdr - ok
23:29:25.0561 0x0ed8  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
23:29:25.0561 0x0ed8  aswRvrt - ok
23:29:25.0882 0x0ed8  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
23:29:25.0922 0x0ed8  aswSnx - ok
23:29:26.0172 0x0ed8  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
23:29:26.0202 0x0ed8  aswSP - ok
23:29:26.0282 0x0ed8  [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
23:29:26.0292 0x0ed8  aswTdi - ok
23:29:26.0382 0x0ed8  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
23:29:26.0392 0x0ed8  aswVmm - ok
23:29:26.0452 0x0ed8  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:29:26.0462 0x0ed8  AsyncMac - ok
23:29:26.0553 0x0ed8  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:29:26.0563 0x0ed8  atapi - ok
23:29:26.0583 0x0ed8  Atdisk - ok
23:29:26.0783 0x0ed8  [ A8464CA51C598101A3FEF341F4F0B6E0, 0B1E830D1D0B7E6EE318E094B8784EF08F9B7CB4F8614C03A0F708196549F4F7 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:29:26.0953 0x0ed8  Ati HotKey Poller - ok
23:29:27.0294 0x0ed8  [ 83F24E252908E59C4A7EF203BF7F4C02, CD44BC14A918DD9190B0E60A17949243A3E0DB75D69E59071BA4113FFCFFD3D2 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:29:27.0374 0x0ed8  ati2mtag - ok
23:29:27.0454 0x0ed8  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:29:27.0464 0x0ed8  Atmarpc - ok
23:29:27.0544 0x0ed8  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:29:27.0554 0x0ed8  AudioSrv - ok
23:29:27.0624 0x0ed8  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:29:27.0624 0x0ed8  audstub - ok
23:29:27.0734 0x0ed8  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:29:27.0754 0x0ed8  avast! Antivirus - ok
23:29:27.0844 0x0ed8  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:29:27.0854 0x0ed8  Beep - ok
23:29:28.0075 0x0ed8  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
23:29:28.0235 0x0ed8  BITS - ok
23:29:28.0325 0x0ed8  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
23:29:28.0345 0x0ed8  Browser - ok
23:29:28.0405 0x0ed8  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:29:28.0405 0x0ed8  cbidf2k - ok
23:29:28.0425 0x0ed8  cd20xrnt - ok
23:29:28.0495 0x0ed8  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:29:28.0495 0x0ed8  Cdaudio - ok
23:29:28.0576 0x0ed8  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:29:28.0586 0x0ed8  Cdfs - ok
23:29:28.0676 0x0ed8  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:29:28.0686 0x0ed8  Cdrom - ok
23:29:28.0706 0x0ed8  Changer - ok
23:29:28.0756 0x0ed8  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:29:28.0756 0x0ed8  CiSvc - ok
23:29:28.0776 0x0ed8  cleanhlp - ok
23:29:28.0816 0x0ed8  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:29:28.0846 0x0ed8  ClipSrv - ok
23:29:28.0906 0x0ed8  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:29:28.0906 0x0ed8  CmBatt - ok
23:29:28.0926 0x0ed8  CmdIde - ok
23:29:28.0946 0x0ed8  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:29:28.0956 0x0ed8  Compbatt - ok
23:29:28.0976 0x0ed8  COMSysApp - ok
23:29:29.0006 0x0ed8  Cpqarray - ok
23:29:29.0096 0x0ed8  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:29:29.0106 0x0ed8  CryptSvc - ok
23:29:29.0126 0x0ed8  dac2w2k - ok
23:29:29.0146 0x0ed8  dac960nt - ok
23:29:29.0357 0x0ed8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:29:29.0517 0x0ed8  DcomLaunch - ok
23:29:29.0637 0x0ed8  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:29:29.0677 0x0ed8  Dhcp - ok
23:29:29.0717 0x0ed8  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:29:29.0717 0x0ed8  Disk - ok
23:29:29.0737 0x0ed8  dmadmin - ok
23:29:30.0078 0x0ed8  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:29:30.0118 0x0ed8  dmboot - ok
23:29:30.0238 0x0ed8  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:29:30.0248 0x0ed8  dmio - ok
23:29:30.0318 0x0ed8  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:29:30.0318 0x0ed8  dmload - ok
23:29:30.0378 0x0ed8  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:29:30.0378 0x0ed8  dmserver - ok
23:29:30.0428 0x0ed8  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:29:30.0438 0x0ed8  DMusic - ok
23:29:30.0518 0x0ed8  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:29:30.0528 0x0ed8  Dnscache - ok
23:29:30.0638 0x0ed8  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:29:30.0699 0x0ed8  Dot3svc - ok
23:29:30.0709 0x0ed8  dpti2o - ok
23:29:30.0729 0x0ed8  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:29:30.0739 0x0ed8  drmkaud - ok
23:29:30.0849 0x0ed8  [ 3FCA03CBCA11269F973B70FA483C88EF, 0995989B9EBE5CE1C5489139849FB2AD69DE9749650BBC262AD754E5CE457C59 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:29:30.0859 0x0ed8  E100B - ok
23:29:30.0929 0x0ed8  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:29:30.0949 0x0ed8  EapHost - ok
23:29:31.0009 0x0ed8  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:29:31.0009 0x0ed8  ERSvc - ok
23:29:31.0119 0x0ed8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
23:29:31.0179 0x0ed8  Eventlog - ok
23:29:31.0319 0x0ed8  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
23:29:31.0390 0x0ed8  EventSystem - ok
23:29:31.0520 0x0ed8  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:29:31.0530 0x0ed8  Fastfat - ok
23:29:31.0640 0x0ed8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:29:31.0700 0x0ed8  FastUserSwitchingCompatibility - ok
23:29:31.0750 0x0ed8  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:29:31.0750 0x0ed8  Fdc - ok
23:29:31.0820 0x0ed8  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:29:31.0830 0x0ed8  Fips - ok
23:29:31.0860 0x0ed8  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:29:31.0870 0x0ed8  Flpydisk - ok
23:29:31.0980 0x0ed8  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:29:31.0990 0x0ed8  FltMgr - ok
23:29:32.0061 0x0ed8  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:29:32.0061 0x0ed8  Fs_Rec - ok
23:29:32.0141 0x0ed8  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:29:32.0151 0x0ed8  Ftdisk - ok
23:29:32.0231 0x0ed8  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:29:32.0231 0x0ed8  Gpc - ok
23:29:32.0331 0x0ed8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:29:32.0351 0x0ed8  gupdate - ok
23:29:32.0411 0x0ed8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:29:32.0431 0x0ed8  gupdatem - ok
23:29:32.0541 0x0ed8  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:29:32.0551 0x0ed8  helpsvc - ok
23:29:32.0561 0x0ed8  HidServ - ok
23:29:32.0651 0x0ed8  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:29:32.0691 0x0ed8  hkmsvc - ok
23:29:32.0711 0x0ed8  hpn - ok
23:29:32.0842 0x0ed8  [ 970178E8E003EB1481293830069624B9, 411E7224347D7CB001667CDE013D7C30A3CC07AC7968FBFF4975A79D63BCA7D0 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
23:29:32.0852 0x0ed8  HSFHWBS2 - ok
23:29:33.0302 0x0ed8  [ EBB354438A4C5A3327FB97306260714A, 95C5008E44815343FBC4F7DEE47370EB9A28AFC12AE2447A0B298789504DB6B9 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
23:29:33.0352 0x0ed8  HSF_DP - ok
23:29:33.0523 0x0ed8  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:29:33.0543 0x0ed8  HTTP - ok
23:29:33.0613 0x0ed8  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:29:33.0633 0x0ed8  HTTPFilter - ok
23:29:33.0653 0x0ed8  i2omgmt - ok
23:29:33.0663 0x0ed8  i2omp - ok
23:29:33.0743 0x0ed8  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:29:33.0743 0x0ed8  i8042prt - ok
23:29:33.0783 0x0ed8  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:29:33.0783 0x0ed8  Imapi - ok
23:29:33.0903 0x0ed8  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:29:33.0943 0x0ed8  ImapiService - ok
23:29:33.0963 0x0ed8  ini910u - ok
23:29:34.0013 0x0ed8  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
23:29:34.0013 0x0ed8  IntelIde - ok
23:29:34.0103 0x0ed8  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:29:34.0103 0x0ed8  intelppm - ok
23:29:34.0154 0x0ed8  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:29:34.0164 0x0ed8  Ip6Fw - ok
23:29:34.0224 0x0ed8  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:29:34.0234 0x0ed8  IpFilterDriver - ok
23:29:34.0264 0x0ed8  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:29:34.0264 0x0ed8  IpInIp - ok
23:29:34.0364 0x0ed8  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:29:34.0384 0x0ed8  IpNat - ok
23:29:34.0474 0x0ed8  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:29:34.0484 0x0ed8  IPSec - ok
23:29:34.0594 0x0ed8  [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
23:29:34.0594 0x0ed8  irda - ok
23:29:34.0674 0x0ed8  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:29:34.0674 0x0ed8  IRENUM - ok
23:29:34.0714 0x0ed8  [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon           C:\WINDOWS\System32\irmon.dll
23:29:34.0724 0x0ed8  Irmon - ok
23:29:34.0774 0x0ed8  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:29:34.0784 0x0ed8  isapnp - ok
23:29:34.0845 0x0ed8  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:29:34.0845 0x0ed8  Kbdclass - ok
23:29:34.0955 0x0ed8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:29:34.0975 0x0ed8  kmixer - ok
23:29:35.0055 0x0ed8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:29:35.0075 0x0ed8  KSecDD - ok
23:29:35.0165 0x0ed8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
23:29:35.0215 0x0ed8  LanmanServer - ok
23:29:35.0345 0x0ed8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:29:35.0415 0x0ed8  lanmanworkstation - ok
23:29:35.0435 0x0ed8  lbrtfdc - ok
23:29:35.0536 0x0ed8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:29:35.0546 0x0ed8  LmHosts - ok
23:29:35.0576 0x0ed8  [ 195741AEE20369980796B557358CD774, 4AD0E691A7543539578FBF849828B5F1DDB5BCD697B4F9D28CF2AAB3F555D56B ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:29:35.0576 0x0ed8  mdmxsdk - ok
23:29:35.0636 0x0ed8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:29:35.0656 0x0ed8  Messenger - ok
23:29:35.0726 0x0ed8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:29:35.0726 0x0ed8  mnmdd - ok
23:29:35.0816 0x0ed8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
23:29:35.0836 0x0ed8  mnmsrvc - ok
23:29:35.0896 0x0ed8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:29:35.0896 0x0ed8  Modem - ok
23:29:35.0926 0x0ed8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:29:35.0926 0x0ed8  Mouclass - ok
23:29:35.0976 0x0ed8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:29:35.0986 0x0ed8  MountMgr - ok
23:29:36.0006 0x0ed8  mraid35x - ok
23:29:36.0106 0x0ed8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:29:36.0126 0x0ed8  MRxDAV - ok
23:29:36.0347 0x0ed8  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:29:36.0377 0x0ed8  MRxSmb - ok
23:29:36.0437 0x0ed8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:29:36.0457 0x0ed8  MSDTC - ok
23:29:36.0487 0x0ed8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:29:36.0487 0x0ed8  Msfs - ok
23:29:36.0507 0x0ed8  MSIServer - ok
23:29:36.0547 0x0ed8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:29:36.0547 0x0ed8  MSKSSRV - ok
23:29:36.0587 0x0ed8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:29:36.0587 0x0ed8  MSPCLOCK - ok
23:29:36.0617 0x0ed8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:29:36.0627 0x0ed8  MSPQM - ok
23:29:36.0687 0x0ed8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:29:36.0687 0x0ed8  mssmbios - ok
23:29:36.0787 0x0ed8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:29:36.0797 0x0ed8  Mup - ok
23:29:36.0958 0x0ed8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:29:37.0078 0x0ed8  napagent - ok
23:29:37.0198 0x0ed8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:29:37.0208 0x0ed8  NDIS - ok
23:29:37.0288 0x0ed8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:29:37.0288 0x0ed8  NdisTapi - ok
23:29:37.0358 0x0ed8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:29:37.0358 0x0ed8  Ndisuio - ok
23:29:37.0438 0x0ed8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:29:37.0448 0x0ed8  NdisWan - ok
23:29:37.0518 0x0ed8  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:29:37.0518 0x0ed8  NDProxy - ok
23:29:37.0568 0x0ed8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:29:37.0568 0x0ed8  NetBIOS - ok
23:29:37.0659 0x0ed8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:29:37.0669 0x0ed8  NetBT - ok
23:29:37.0759 0x0ed8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:29:37.0809 0x0ed8  NetDDE - ok
23:29:37.0869 0x0ed8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:29:37.0879 0x0ed8  NetDDEdsdm - ok
23:29:37.0949 0x0ed8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:29:37.0959 0x0ed8  Netlogon - ok
23:29:38.0059 0x0ed8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
23:29:38.0129 0x0ed8  Netman - ok
23:29:38.0199 0x0ed8  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:29:38.0199 0x0ed8  NIC1394 - ok
23:29:38.0320 0x0ed8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:29:38.0410 0x0ed8  Nla - ok
23:29:38.0490 0x0ed8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:29:38.0490 0x0ed8  Npfs - ok
23:29:38.0570 0x0ed8  [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] NSCIRDA         C:\WINDOWS\system32\DRIVERS\nscirda.sys
23:29:38.0580 0x0ed8  NSCIRDA - ok
23:29:38.0850 0x0ed8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:29:38.0880 0x0ed8  Ntfs - ok
23:29:38.0910 0x0ed8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:29:38.0920 0x0ed8  NtLmSsp - ok
23:29:39.0131 0x0ed8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:29:39.0321 0x0ed8  NtmsSvc - ok
23:29:39.0361 0x0ed8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:29:39.0371 0x0ed8  Null - ok
23:29:39.0441 0x0ed8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:29:39.0441 0x0ed8  NwlnkFlt - ok
23:29:39.0471 0x0ed8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:29:39.0481 0x0ed8  NwlnkFwd - ok
23:29:39.0541 0x0ed8  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:29:39.0551 0x0ed8  ohci1394 - ok
23:29:39.0601 0x0ed8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:29:39.0611 0x0ed8  Parport - ok
23:29:39.0641 0x0ed8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:29:39.0651 0x0ed8  PartMgr - ok
23:29:39.0712 0x0ed8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:29:39.0722 0x0ed8  ParVdm - ok
23:29:39.0762 0x0ed8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:29:39.0762 0x0ed8  PCI - ok
23:29:39.0782 0x0ed8  PCIDump - ok
23:29:39.0802 0x0ed8  PCIIde - ok
23:29:39.0922 0x0ed8  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:29:39.0932 0x0ed8  Pcmcia - ok
23:29:40.0042 0x0ed8  [ 3C186F80F43708FCA0115138ED41F92A, FEBDC338402A30E609948C9C363087C26A898B0EB89564141FC969D09B33D2FE ] PCX500          C:\WINDOWS\system32\DRIVERS\pcx500.sys
23:29:40.0072 0x0ed8  PCX500 - ok
23:29:40.0122 0x0ed8  [ 90B87F93CBD0B908DFA0D461CB1E7945, B1C5AA251E6E820E704B361287A28562CAD2B54AE631962A38287DF9D4D0774E ] PCX500MP        C:\WINDOWS\system32\DRIVERS\pcx500mp.sys
23:29:40.0142 0x0ed8  PCX500MP - ok
23:29:40.0152 0x0ed8  PDCOMP - ok
23:29:40.0182 0x0ed8  PDFRAME - ok
23:29:40.0192 0x0ed8  PDRELI - ok
23:29:40.0212 0x0ed8  PDRFRAME - ok
23:29:40.0232 0x0ed8  perc2 - ok
23:29:40.0242 0x0ed8  perc2hib - ok
23:29:40.0292 0x0ed8  PEVSystemStart - ok
23:29:40.0362 0x0ed8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
23:29:40.0383 0x0ed8  PlugPlay - ok
23:29:40.0413 0x0ed8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:29:40.0413 0x0ed8  PolicyAgent - ok
23:29:40.0473 0x0ed8  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:29:40.0483 0x0ed8  PptpMiniport - ok
23:29:40.0503 0x0ed8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:29:40.0513 0x0ed8  ProtectedStorage - ok
23:29:40.0553 0x0ed8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:29:40.0563 0x0ed8  PSched - ok
23:29:40.0583 0x0ed8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:29:40.0593 0x0ed8  Ptilink - ok
23:29:40.0603 0x0ed8  ql1080 - ok
23:29:40.0623 0x0ed8  Ql10wnt - ok
23:29:40.0643 0x0ed8  ql12160 - ok
23:29:40.0663 0x0ed8  ql1240 - ok
23:29:40.0683 0x0ed8  ql1280 - ok
23:29:40.0723 0x0ed8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:29:40.0723 0x0ed8  RasAcd - ok
23:29:40.0813 0x0ed8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:29:40.0853 0x0ed8  RasAuto - ok
23:29:40.0923 0x0ed8  [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
23:29:40.0923 0x0ed8  Rasirda - ok
23:29:40.0963 0x0ed8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:29:40.0973 0x0ed8  Rasl2tp - ok
23:29:51.0248 0x0ed8  ================ Scan global ===============================
23:29:51.0308 0x0ed8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
23:29:51.0488 0x0ed8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
23:29:51.0719 0x0ed8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
23:29:51.0809 0x0ed8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
23:29:51.0829 0x0ed8  [ Global ] - ok
23:29:51.0829 0x0ed8  ================ Scan MBR ==================================
23:29:51.0869 0x0ed8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:29:52.0139 0x0ed8  \Device\Harddisk0\DR0 - ok
23:29:52.0139 0x0ed8  ================ Scan VBR ==================================
23:29:52.0149 0x0ed8  [ 6279923ACB979DF194E4C6A38EEF860A ] \Device\Harddisk0\DR0\Partition1
23:29:52.0159 0x0ed8  \Device\Harddisk0\DR0\Partition1 - ok
23:29:52.0169 0x0ed8  ================ Scan generic autorun ======================
23:29:53.0722 0x0ed8  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
23:29:55.0154 0x0ed8  AvastUI.exe - ok
23:29:55.0244 0x0ed8  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
23:29:55.0254 0x0ed8  ctfmon.exe - ok
23:29:55.0264 0x0ed8  Waiting for KSN requests completion. In queue: 194
23:29:56.0386 0x0ed8  AV detected via SS1: avast! Antivirus, 5.0.150996965, enabled, updated
23:29:56.0396 0x0ed8  Win FW state via NFM: enabled
23:29:56.0736 0x0ed8  ============================================================
23:29:56.0736 0x0ed8  Scan finished
23:29:56.0736 0x0ed8  ============================================================
23:29:56.0756 0x0790  Detected object count: 0
23:29:56.0756 0x0790  aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 1980-01-03 23:30:19
-----------------------------
23:30:19.339    OS Version: Windows 5.1.2600 Service Pack 3
23:30:19.339    Number of processors: 1 586 0x204
23:30:19.339    ComputerName: OWN-CB0A44EAA34  UserName: Administrator
23:30:20.250    Initialize success
23:30:20.250    VM: initialized successfully
23:30:20.250    VM: Intel CPU virtualization not supported 
23:30:21.422    AVAST engine defs: 14081700
23:30:41.941    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:30:41.951    Disk 0 Vendor: TOSHIBA_MK3018GAP M2.01_A Size: 28615MB BusType: 3
23:30:42.201    Disk 0 MBR read successfully
23:30:42.201    Disk 0 MBR scan
23:30:42.211    Disk 0 Windows XP default MBR code
23:30:42.211    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        28615 MB offset 63
23:30:42.211    Disk 0 default boot code
23:30:42.231    Disk 0 scanning sectors +58605120
23:30:42.482    Disk 0 scanning C:\WINDOWS\system32\drivers
23:31:01.689    Service scanning
23:31:41.266    Modules scanning
23:32:04.149    Disk 0 trace - called modules:
23:32:04.169    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys 
23:32:04.169    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89848ab8]
23:32:04.169    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007f[0x898b93b8]
23:32:04.169    5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8989c940]
23:32:05.081    AVAST engine scan C:\WINDOWS
23:32:21.955    AVAST engine scan C:\WINDOWS\system32
23:37:33.543    AVAST engine scan C:\WINDOWS\system32\drivers
23:37:56.035    AVAST engine scan C:\Documents and Settings\Administrator
23:45:30.338    AVAST engine scan C:\Documents and Settings\All Users
23:46:05.870    Scan finished successfully
23:58:10.502    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
23:58:10.512    The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt"
 
Here are the logs.
Actual detected object count: 0
23:30:13.0110 0x0b94  Deinitialize success
 
 
 


#7 kcp


Posted 17 August 2014 - 04:01 PM

Sorry, here is the dat file.

Attached Files

  • Attached File  MBR.zip   499bytes   0 downloads


#8 nasdaq

  • Malware Response Team

Posted 18 August 2014 - 07:50 AM

The Boot sector is good.

 

Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
How is the computer performing?


#9 kcp


Posted 18 August 2014 - 01:23 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Administrator (administrator) on OWN-CB0A44EAA34 on 18-08-2014 13:14:00
Running from C:\Documents and Settings\Administrator\Desktop\New Folder
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-08]
CHR Extension: (Cool Clock) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-08-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-08]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [397312 2004-05-15] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-08] (AVAST Software)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S2 PEVSystemStart; "C:\gjhgggt5d\pev.3XE" EXEC /i "C:\gjhgggt5d\HIDEC.3XE" "C:\gjhgggt5d\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-08] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-08] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-08] ()
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
S3 PCX500; C:\WINDOWS\System32\DRIVERS\pcx500.sys [118272 2007-11-16] (Cisco Systems)
S3 PCX500MP; C:\WINDOWS\System32\DRIVERS\pcx500mp.sys [4990 2002-08-05] (Cisco Systems, Inc.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 13:13 - 2014-08-18 13:14 - 00000000 ____D () C:\FRST
2014-08-18 13:13 - 2014-08-18 13:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder
2014-08-18 12:45 - 2014-08-18 12:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-18 12:41 - 2014-08-18 12:41 - 00000000 __SHD () C:\found.000
2014-08-17 15:58 - 2014-08-17 15:58 - 00000499 _____ () C:\Documents and Settings\Administrator\My Documents\MBR.zip
2014-08-17 03:54 - 2014-08-17 03:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-08-17 03:54 - 2014-08-17 03:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-08-17 03:53 - 2014-08-17 03:53 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-17 03:53 - 2014-08-17 03:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-17 03:53 - 2014-08-17 03:53 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-08-17 02:10 - 2014-08-17 02:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-08-17 02:06 - 2014-08-17 02:06 - 00030396 _____ () C:\Documents and Settings\Administrator\My Documents\bookmarks_8_17_14.html
2014-08-17 00:54 - 2014-08-17 00:55 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-08-17 00:33 - 2014-08-18 13:05 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{AC78C0C4-4FEA-4699-AC03-C90B0B987359}.job
2014-08-17 00:33 - 2014-08-17 00:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IECompatCache
2014-08-17 00:32 - 2014-08-17 00:32 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-08-17 00:27 - 2014-08-17 00:27 - 00000187 _____ () C:\WINDOWS\spupdsvc.log.1.log
2014-08-17 00:26 - 2014-08-18 12:45 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-17 00:26 - 2014-08-17 01:39 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-17 00:24 - 2014-08-17 00:24 - 00006342 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-08-17 00:24 - 2014-08-17 00:24 - 00005663 _____ () C:\WINDOWS\KB2934207.log
2014-08-17 00:24 - 2014-08-17 00:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-08-17 00:23 - 2014-08-17 00:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-08-17 00:22 - 2014-08-17 10:51 - 00006076 _____ () C:\WINDOWS\setupapi.log
2014-08-17 00:22 - 2014-08-17 00:23 - 00005844 _____ () C:\WINDOWS\WgaNotify.log
2014-08-16 23:59 - 2014-08-17 00:00 - 00004879 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-08-16 23:58 - 2014-08-16 23:59 - 00007580 _____ () C:\WINDOWS\KB2510531-IE8.log
2014-08-16 20:44 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-08-16 20:44 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-08-15 03:52 - 2014-08-15 03:52 - 00090296 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-15 03:52 - 2014-08-15 03:52 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-15 03:34 - 2014-08-15 03:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-08-15 03:34 - 2014-08-15 03:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-08-15 03:33 - 2014-08-15 03:34 - 00033975 _____ () C:\WINDOWS\KB951376-v2.log
2014-08-15 03:33 - 2014-08-15 03:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-15 03:33 - 2014-08-15 03:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-08-15 03:31 - 2014-08-15 03:33 - 00038657 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-08-15 03:30 - 2014-08-15 03:31 - 00039256 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-08-15 03:28 - 2014-08-15 03:30 - 00042052 _____ () C:\WINDOWS\KB2862772-IE8.log
2014-08-15 03:27 - 2014-08-15 03:27 - 00036211 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-08-15 03:27 - 2014-08-15 03:27 - 00035478 _____ () C:\WINDOWS\KB2467659.log
2014-08-15 03:27 - 2014-08-15 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2014-08-15 03:27 - 2014-03-06 12:59 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-08-15 03:27 - 2011-08-16 05:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2014-08-15 03:25 - 2014-08-17 00:24 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-08-15 03:25 - 2014-08-15 03:27 - 00046493 _____ () C:\WINDOWS\KB982381-IE8.log
2014-08-15 03:24 - 2014-08-17 00:27 - 00009075 _____ () C:\WINDOWS\spupdsvc.log
2014-08-15 03:24 - 2014-08-15 03:50 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-08-15 03:24 - 2014-03-06 12:59 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-08-15 03:24 - 2014-03-06 12:59 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-08-15 03:24 - 2014-03-06 12:59 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-08-15 03:24 - 2014-03-06 12:59 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-08-15 03:24 - 2014-03-06 12:59 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-08-15 03:24 - 2014-03-06 12:59 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-08-15 03:24 - 2014-03-06 12:59 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-08-15 03:20 - 2014-08-15 03:24 - 00000000 __HDC () C:\WINDOWS\ie8
2014-08-15 03:19 - 2014-08-15 03:24 - 00046866 _____ () C:\WINDOWS\ie8.log
2014-08-15 03:09 - 2014-08-15 03:33 - 00180372 _____ () C:\WINDOWS\ie8_main.log
2014-08-15 03:07 - 2014-08-15 03:08 - 00014743 _____ () C:\WINDOWS\KB2387149.log
2014-08-15 03:07 - 2014-08-15 03:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-08-15 03:07 - 2014-08-15 03:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2014-08-15 03:06 - 2014-08-15 03:06 - 00011765 _____ () C:\WINDOWS\KB2659262.log
2014-08-15 03:06 - 2014-08-15 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2014-08-15 03:06 - 2014-08-15 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-08-15 03:06 - 2014-08-15 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479943$
2014-08-15 03:05 - 2014-08-15 03:06 - 00011376 _____ () C:\WINDOWS\KB2564958.log
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2014-08-15 03:04 - 2014-08-15 03:04 - 00012450 _____ () C:\WINDOWS\KB2536276-v2.log
2014-08-15 03:04 - 2014-08-15 03:04 - 00009885 _____ () C:\WINDOWS\KB2834886.log
2014-08-15 03:04 - 2014-08-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-08-15 03:04 - 2014-08-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-08-15 03:04 - 2014-08-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-08-15 03:03 - 2014-08-15 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-08-15 03:03 - 2014-08-15 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2014-08-15 03:03 - 2014-08-15 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2014-08-15 03:02 - 2014-08-15 03:02 - 00008452 _____ () C:\WINDOWS\KB2296011.log
2014-08-15 03:02 - 2014-08-15 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-08-15 03:02 - 2014-08-15 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-08-15 03:01 - 2014-08-15 03:01 - 00008832 _____ () C:\WINDOWS\KB975558.log
2014-08-15 03:01 - 2014-08-15 03:01 - 00007282 _____ () C:\WINDOWS\KB2900986.log
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2014-08-15 03:00 - 2014-08-17 00:24 - 00243295 _____ () C:\WINDOWS\iis6.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00228758 _____ () C:\WINDOWS\FaxSetup.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00109372 _____ () C:\WINDOWS\ocgen.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00104377 _____ () C:\WINDOWS\tsoc.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00075309 _____ () C:\WINDOWS\comsetup.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00068694 _____ () C:\WINDOWS\msmqinst.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00045716 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00040071 _____ () C:\WINDOWS\netfxocm.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00026629 _____ () C:\WINDOWS\updspapi.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00015725 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00012654 _____ () C:\WINDOWS\ocmsn.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00011507 _____ () C:\WINDOWS\tabletoc.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00011211 _____ () C:\WINDOWS\msgsocm.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-08-15 03:00 - 2014-08-17 00:24 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-08-15 03:00 - 2014-08-15 03:01 - 00010444 _____ () C:\WINDOWS\KB955759.log
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-15 00:43 - 2014-08-15 03:34 - 00038823 _____ () C:\WINDOWS\KB2868626.log
2014-08-15 00:43 - 2014-08-15 03:34 - 00038303 _____ () C:\WINDOWS\KB2922229.log
2014-08-15 00:43 - 2014-08-15 03:33 - 00040572 _____ () C:\WINDOWS\KB959426.log
2014-08-15 00:43 - 2008-06-13 06:05 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-08-15 00:43 - 2008-06-13 06:05 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2014-08-15 00:41 - 2014-08-15 03:07 - 00020836 _____ () C:\WINDOWS\KB2712808.log
2014-08-15 00:41 - 2014-08-15 03:07 - 00020562 _____ () C:\WINDOWS\KB960859.log
2014-08-15 00:41 - 2014-08-15 03:06 - 00020630 _____ () C:\WINDOWS\KB2479943.log
2014-08-15 00:41 - 2014-08-15 03:05 - 00017542 _____ () C:\WINDOWS\KB2916036.log
2014-08-15 00:41 - 2010-09-18 01:53 - 00974848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc42.dll
2014-08-15 00:41 - 2010-09-18 01:53 - 00954368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40.dll
2014-08-15 00:41 - 2010-09-18 01:53 - 00953856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2014-08-15 00:40 - 2014-08-15 03:05 - 00019271 _____ () C:\WINDOWS\KB2478971.log
2014-08-15 00:40 - 2014-08-15 03:05 - 00018712 _____ () C:\WINDOWS\KB2544893-v2.log
2014-08-15 00:38 - 2014-08-15 03:04 - 00023232 _____ () C:\WINDOWS\KB2345886.log
2014-08-15 00:38 - 2014-08-15 03:04 - 00023109 _____ () C:\WINDOWS\KB2585542.log
2014-08-15 00:38 - 2011-07-15 08:29 - 00456320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2014-08-15 00:34 - 2014-08-15 03:03 - 00017169 _____ () C:\WINDOWS\KB2631813.log
2014-08-15 00:34 - 2010-08-23 11:12 - 00617472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2014-08-15 00:32 - 2014-08-15 03:02 - 00017076 _____ () C:\WINDOWS\KB2691442.log
2014-08-15 00:32 - 2014-08-15 03:01 - 00016178 _____ () C:\WINDOWS\KB2115168.log
2014-08-15 00:31 - 2014-08-15 03:00 - 00013777 _____ () C:\WINDOWS\KB2847311.log
2014-08-15 00:31 - 2009-11-21 10:51 - 01206508 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2014-08-15 00:31 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2014-08-14 22:11 - 2014-08-14 22:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
2014-08-14 22:10 - 2014-08-14 22:11 - 00001845 _____ () C:\Documents and Settings\Administrator\Desktop\Chrome App Launcher.lnk
2014-08-14 11:12 - 2014-08-14 11:12 - 01303015 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2014-08-14 11:12 - 2014-08-14 11:12 - 00143334 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2014-08-14 09:06 - 2014-08-14 09:06 - 00000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2014-08-13 19:28 - 2014-08-13 19:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-13 19:15 - 2014-08-13 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-13 17:33 - 2014-08-13 17:35 - 29592768 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\Windows-KB890830-V5.15.exe
2014-08-12 22:13 - 2014-08-18 13:06 - 00000258 _____ () C:\WINDOWS\Tasks\Clean System Memory.job
2014-08-12 22:13 - 2014-08-12 22:13 - 00000000 ____D () C:\WINDOWS\CleanMem
2014-08-12 22:13 - 2014-08-12 22:13 - 00000000 ____D () C:\Program Files\CleanMem
2014-08-12 22:13 - 2014-08-12 22:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CleanMem
2014-08-12 21:53 - 2014-08-18 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-12 21:53 - 2014-08-18 06:25 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-12 21:43 - 2014-08-12 21:43 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-08-12 21:43 - 2014-08-12 21:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-08-12 21:38 - 2014-08-12 21:38 - 00000000 ___HD () C:\Program Files\WindowsUpdate
2014-08-12 08:25 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDA.tmp
2014-08-11 22:36 - 2014-08-11 22:36 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-08-11 22:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-11 22:18 - 2014-08-12 21:25 - 00001812 _____ () C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-11 22:17 - 2014-08-14 22:13 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-11 22:17 - 2014-08-14 22:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-08-11 14:25 - 2014-08-18 13:09 - 01675688 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-11 13:05 - 2014-08-11 13:05 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-11 12:05 - 2014-08-11 12:05 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-11 12:05 - 2014-08-11 12:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-11 12:04 - 2014-08-11 12:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-11 11:31 - 2014-08-11 11:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-11 11:25 - 2014-07-31 23:42 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-11 11:24 - 2014-08-11 11:25 - 00000000 ____D () C:\54f81f8de5149836e56cdf1b3c
2014-08-11 09:05 - 2014-08-12 21:53 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2014-08-11 09:05 - 2014-08-11 09:05 - 00000000 ____D () C:\WINDOWS\system32\KB905474
2014-08-11 08:56 - 2014-08-11 08:57 - 00006622 _____ () C:\WINDOWS\system32\TZLog.log
2014-08-11 08:29 - 2014-08-14 22:16 - 00000000 ___SD () C:\Documents and Settings\Administrator\UserData
2014-08-10 20:14 - 2014-08-10 20:14 - 00000044 _____ () C:\WINDOWS\system32\msssc.dll
2014-08-10 20:14 - 2014-08-10 20:14 - 00000000 ____D () C:\WINDOWS\VirtualEar
2014-08-10 20:14 - 2014-08-10 20:14 - 00000000 ____D () C:\Program Files\Analog Devices
2014-08-10 20:14 - 2014-08-10 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2014-08-10 20:14 - 2003-12-17 15:29 - 00591936 _____ (Analog Devices, Inc.) C:\WINDOWS\system32\Drivers\smwdm.sys
2014-08-10 20:14 - 2003-10-23 11:17 - 00100384 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\Drivers\aeaudio.sys
2014-08-10 20:14 - 2003-06-16 07:32 - 00049152 _____ (Analog Devices Inc.) C:\WINDOWS\system32\DSndUp.exe
2014-08-10 20:14 - 2003-05-12 15:55 - 00978944 _____ (Analog Devices, Inc.) C:\WINDOWS\SynthCoreA.Dll
2014-08-10 20:14 - 2003-04-08 10:30 - 00003744 _____ (Analog Devices, Inc.) C:\WINDOWS\system32\Drivers\smsens.sys
2014-08-10 20:14 - 2002-11-06 21:23 - 00049152 _____ (SoundMAX) C:\WINDOWS\system32\S11thk32.dll
2014-08-10 20:14 - 2002-11-06 19:00 - 00040820 _____ (SoundMAX) C:\WINDOWS\system32\Syncor11.dll
2014-08-10 20:14 - 2002-08-30 12:59 - 00380928 _____ (Analog Devices, Inc.) C:\WINDOWS\SynCor.exe
2014-08-10 20:14 - 2002-07-24 14:06 - 00045056 _____ (Analog Devices, Inc.) C:\WINDOWS\system32\SynthCore11Resources.dll
2014-08-10 20:14 - 2002-04-17 15:05 - 00045056 _____ (adi) C:\WINDOWS\system32\CleanUp.exe
2014-08-10 20:14 - 2001-10-04 15:50 - 00991232 _____ (Sensaura) C:\WINDOWS\system32\virtear.dll
2014-08-10 20:14 - 2001-09-19 13:47 - 00765952 _____ (Sensaura Ltd) C:\WINDOWS\system\crlds3d.dll
2014-08-10 20:14 - 2001-09-19 13:47 - 00720896 _____ (Sensaura Ltd) C:\WINDOWS\system32\Audio3d.dll
2014-08-10 20:14 - 2001-09-19 13:32 - 00720896 _____ (Sensaura Ltd) C:\WINDOWS\system32\a3d.dll
2014-08-10 20:14 - 2001-09-11 17:20 - 01285632 _____ (Analog Devices) C:\WINDOWS\system32\SMMedia.dll
2014-08-10 20:14 - 2001-09-11 15:20 - 00030208 _____ (Analog Devices Inc.) C:\WINDOWS\system32\wdmioctl.dll
2014-08-10 17:28 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2014-08-10 17:22 - 2012-01-11 14:06 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
2014-08-10 17:22 - 2012-01-11 14:06 - 00003072 _____ () C:\WINDOWS\system32\iacenc.dll
2014-08-10 16:49 - 2014-08-16 23:59 - 00000000 ____D () C:\WINDOWS\$hf_mig$
2014-08-10 16:49 - 2014-08-10 16:49 - 00000000 ____D () C:\WINDOWS\system32\PreInstall
2014-08-10 16:49 - 2009-01-07 18:21 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2014-08-10 16:49 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-08-10 16:44 - 2014-08-18 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-08-10 16:43 - 2014-08-10 16:43 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2014-08-10 16:43 - 2014-08-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-08-10 16:41 - 2014-08-10 16:41 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-10 16:08 - 2014-08-17 21:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
2014-08-10 16:08 - 2014-08-10 16:08 - 00000630 _____ () C:\Documents and Settings\All Users\Start Menu\µTorrent.lnk
2014-08-10 16:08 - 2014-08-10 16:08 - 00000630 _____ () C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
2014-08-10 16:08 - 2014-08-10 16:08 - 00000000 ____D () C:\Program Files\uTorrent
2014-08-09 08:46 - 2014-08-09 08:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Emsisoft
2014-08-09 01:20 - 2014-08-09 01:20 - 00017288 _____ () C:\Documents and Settings\Administrator\My Documents\gmer.log
2014-08-09 00:35 - 2014-08-09 00:35 - 00000899 _____ () C:\Documents and Settings\Administrator\My Documents\jcfcbv.log
2014-08-09 00:19 - 2014-08-18 12:49 - 00357566 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files\windows nt
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files\Common Files\system
2014-08-08 23:35 - 2014-08-08 23:35 - 00006040 _____ () C:\Documents and Settings\Administrator\My Documents\Run Commands.txt
2014-08-08 20:10 - 2014-08-08 20:10 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-08 20:10 - 2014-08-08 20:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DropboxMaster
2014-08-08 20:09 - 2014-08-08 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2014-08-08 20:07 - 2014-08-08 20:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
2014-08-08 20:07 - 2014-08-08 20:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2014-08-08 20:00 - 2014-08-08 20:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-08-08 19:59 - 2014-08-17 01:38 - 00000378 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-08 19:59 - 2014-08-08 19:59 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-08 19:59 - 2014-08-08 19:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-08 19:57 - 2014-08-08 19:59 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-08 19:57 - 2014-08-08 19:57 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-08 19:50 - 2014-08-08 19:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-08 19:49 - 2014-08-08 19:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-08 19:34 - 2014-08-08 19:34 - 00007113 _____ () C:\Documents and Settings\Administrator\My Documents\Default.reg
2014-08-08 18:06 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-08 18:05 - 2014-08-08 18:06 - 00000000 _RSHD () C:\cmdcons
2014-08-08 18:05 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-08 18:05 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-08 18:05 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-08 18:05 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-08 18:05 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-08 18:05 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-08 18:05 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-08 18:05 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-08 18:05 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-08 18:04 - 2014-08-08 18:04 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-08 18:00 - 2014-08-15 12:27 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-08 18:00 - 2014-08-08 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-08-08 17:57 - 2014-08-12 21:53 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 17:57 - 2014-08-12 21:53 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 17:57 - 2014-08-08 18:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-08 17:57 - 2014-08-08 17:59 - 00000000 ____D () C:\Program Files\Google
2014-08-08 17:55 - 2014-08-08 17:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2014-08-08 17:55 - 2014-08-08 17:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Help
2014-08-08 17:38 - 2002-11-15 11:13 - 00053248 _____ () C:\WINDOWS\system32\CInsX500.dll
2014-08-08 17:38 - 2002-08-05 14:46 - 00004990 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\pcx500mp.sys
2014-08-08 17:33 - 2014-08-08 17:33 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-08 17:30 - 2014-08-10 20:14 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-08-08 17:30 - 2014-08-10 20:14 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2014-08-08 17:30 - 2014-08-08 19:40 - 00000000 ____D () C:\compaq
2014-08-08 17:30 - 2014-08-08 17:30 - 00000000 ____D () C:\Program Files\Intel
2014-08-08 17:30 - 2014-08-08 17:30 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-08-08 17:27 - 2014-08-18 13:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-08 17:27 - 2014-08-17 10:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-08 17:27 - 2014-08-15 03:52 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-08-08 17:27 - 2014-08-15 03:52 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-08 17:27 - 2014-08-12 21:43 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-08 17:27 - 2014-08-08 17:27 - 00000020 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-08-08 17:27 - 2014-08-08 17:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-08-08 17:27 - 2014-08-08 17:21 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-08 17:27 - 1980-01-04 00:28 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-08 17:26 - 2014-08-18 12:45 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-08 17:26 - 2014-08-08 17:26 - 00000020 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-08-08 17:24 - 2001-08-17 22:36 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2014-08-08 17:21 - 2014-08-12 22:17 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-08-08 17:21 - 2014-08-08 17:21 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00000398 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 __RSH () C:\MSDOS.SYS
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 __RSH () C:\IO.SYS
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 ____D () C:\WINDOWS\system32\xircom
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 ____D () C:\Program Files\xerox
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 ____D () C:\Program Files\microsoft frontpage
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 _____ () C:\WINDOWS\control.ini
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 _____ () C:\CONFIG.SYS
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 _____ () C:\AUTOEXEC.BAT
2014-08-08 17:21 - 2008-04-14 07:00 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\logui.ocx
2014-08-08 17:20 - 2014-08-12 21:44 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-08-08 17:20 - 2014-08-12 21:44 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-08-08 17:20 - 2014-08-08 17:20 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-08-08 17:20 - 2008-04-14 07:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll
2014-08-08 17:19 - 2014-08-08 17:19 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-08-08 17:18 - 2014-08-08 17:21 - 00000000 ___RD () C:\Documents and Settings\Default User\Start Menu\Programs\Accessories
2014-08-08 17:18 - 2014-08-08 17:18 - 00000786 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2014-08-08 17:17 - 2014-08-11 08:39 - 00000000 ____D () C:\Program Files\Movie Maker
2014-08-08 17:17 - 2014-08-09 00:16 - 00000000 ____D () C:\WINDOWS\srchasst
2014-08-08 17:17 - 2014-08-08 17:17 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-08-08 17:17 - 2012-06-02 15:19 - 01933848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wuaueng.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 01933848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00577048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wuapi.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00577048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00329240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wucltui.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00329240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltui.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00219160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2014-08-08 17:17 - 2012-06-02 15:19 - 00219160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaucpl.cpl
2014-08-08 17:17 - 2012-06-02 15:19 - 00210968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wuweb.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00210968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuweb.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00053784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wuauclt.exe
2014-08-08 17:17 - 2012-06-02 15:19 - 00053784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-08 17:17 - 2012-06-02 15:19 - 00035864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wups.dll
2014-08-08 17:17 - 2012-06-02 15:19 - 00035864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng1.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt1.exe
2014-08-08 17:17 - 2008-04-14 07:00 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg723.acm
2014-08-08 17:17 - 2008-04-14 07:00 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\acctres.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgrprxy.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfgnt5.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmevtmsg.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\atrace.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\bitsprx2.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bitsprx4.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bitsprx3.dll
2014-08-08 17:17 - 2008-04-14 07:00 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauserv.dll
2014-08-08 17:16 - 2014-08-18 12:45 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-08 17:16 - 2014-08-11 08:41 - 00000000 ____D () C:\Program Files\Outlook Express
2014-08-08 17:16 - 2014-08-09 00:17 - 00000000 ____D () C:\Program Files\NetMeeting
2014-08-08 17:16 - 2011-10-10 09:22 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-08-08 17:16 - 2010-11-18 13:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\isign32.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstask.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcfg.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoeacct.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msh261.drv
2014-08-08 17:16 - 2008-04-14 07:00 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\srsvc.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00129792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-08-08 17:16 - 2008-04-14 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ils.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\icwdial.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00073472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sr.sys
2014-08-08 17:16 - 2008-04-14 07:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msconf.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\icwphbk.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetres.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\safrslv.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\safrcdlg.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00034560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mnmdd.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mnmsrvc.exe
2014-08-08 17:16 - 2008-04-14 07:00 - 00032768 _____ (Intel Corporation) C:\WINDOWS\system32\isrdbg32.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\safrdm.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmmkcert.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fltMc.exe
2014-08-08 17:16 - 2008-04-14 07:00 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fltlib.dll
2014-08-08 17:16 - 2008-04-14 07:00 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstinit.exe
2014-08-08 17:15 - 2014-08-12 21:47 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-08 17:14 - 2014-08-08 17:14 - 00000000 ____D () C:\Program Files\MSN Gaming Zone
2014-08-08 17:14 - 2008-04-14 07:00 - 00605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\getuname.dll
2014-08-08 17:14 - 2008-04-14 07:00 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\avtapi.dll
2014-08-08 17:14 - 2008-04-14 07:00 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshearts.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmine.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\charmap.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\avwav.dll
2014-08-08 17:14 - 2008-04-14 07:00 - 00065978 _____ () C:\WINDOWS\Soap Bubbles.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00065954 _____ () C:\WINDOWS\Prairie Wind.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00065832 _____ () C:\WINDOWS\Santa Fe Stucco.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00063488 _____ () C:\WINDOWS\system32\wmimgmt.msc
2014-08-08 17:14 - 2008-04-14 07:00 - 00060458 _____ () C:\WINDOWS\system32\ideograf.uce
2014-08-08 17:14 - 2008-04-14 07:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sol.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\freecell.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00044544 _____ (Hilgraeve, Inc.) C:\WINDOWS\system32\hticons.dll
2014-08-08 17:14 - 2008-04-14 07:00 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winchat.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\regini.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00026680 _____ () C:\WINDOWS\River Sumida.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00026582 _____ () C:\WINDOWS\Greenstone.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwinsta.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00017362 _____ () C:\WINDOWS\Rhododendron.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00017336 _____ () C:\WINDOWS\Gone Fishing.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00017062 _____ () C:\WINDOWS\Coffee Bean.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsshutdn.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\qappsrv.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00016730 _____ () C:\WINDOWS\FeatherTexture.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tskill.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\avmeter.dll
2014-08-08 17:14 - 2008-04-14 07:00 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rwinsta.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdmodem.dll
2014-08-08 17:14 - 2008-04-14 07:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoff.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsdiscon.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscon.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shadow.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\reset.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00009522 _____ () C:\WINDOWS\Zapotec.bmp
2014-08-08 17:14 - 2008-04-14 07:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\write.exe
2014-08-08 17:14 - 2008-04-14 07:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcfgex.dll
2014-08-08 17:14 - 2008-04-14 07:00 - 00001272 _____ () C:\WINDOWS\Blue Lace 16.bmp
2014-08-08 17:13 - 2014-08-09 00:17 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-08-08 17:13 - 2013-02-27 02:56 - 02067456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-08-08 17:13 - 2012-07-04 09:05 - 00139784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys
2014-08-08 17:13 - 2011-01-27 06:57 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-08-08 17:13 - 2009-12-16 13:43 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2014-08-08 17:13 - 2008-06-12 09:23 - 00956928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2014-08-08 17:13 - 2008-06-12 09:23 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2014-08-08 17:13 - 2008-06-12 09:23 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2014-08-08 17:13 - 2008-06-12 09:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2014-08-08 17:13 - 2008-06-12 09:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtclog.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 01267200 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00625664 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\spider.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\clbcatq.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00347136 _____ (Hilgraeve, Inc.) C:\WINDOWS\system32\hypertrm.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rhttpaa.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrv.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmprops.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\accwiz.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsnap.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdchost.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sessmgr.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\aaclient.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndrec32.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mplay32.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\clbcatex.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\clipbrd.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comrepl.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00087176 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpwsx.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\access.cpl
2014-08-08 17:13 - 2008-04-14 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdshost.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remotepg.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\colbact.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\stclient.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\licwmi.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\servdeps.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxlegih.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxdm.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comaddin.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00021896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys
2014-08-08 17:13 - 2008-04-14 07:00 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsnd.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qprocess.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmfutil.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsaddin.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00012040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys
2014-08-08 17:13 - 2008-04-14 07:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\icaapi.dll
2014-08-08 17:13 - 2008-04-14 07:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtc.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomcnfg.exe
2014-08-08 17:13 - 2008-04-14 07:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxex.dll
2014-08-08 17:13 - 2008-04-14 05:43 - 00040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys
2014-08-08 17:13 - 2008-04-14 00:02 - 00196224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2014-08-08 17:11 - 2014-08-11 12:06 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-08 12:09 - 2008-04-13 19:15 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys
2014-08-08 12:09 - 2008-04-13 19:15 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys
2014-08-08 12:09 - 2008-04-13 19:15 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2014-08-08 12:09 - 2008-04-13 19:09 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys
2014-08-08 12:09 - 2008-04-13 19:09 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys
2014-08-08 12:09 - 2008-04-13 19:09 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys
2014-08-08 12:09 - 2008-04-13 17:09 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys
2014-08-08 12:08 - 2008-04-14 00:42 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\irftp.exe
2014-08-08 12:08 - 2008-04-14 00:42 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshirda.dll
2014-08-08 12:08 - 2008-04-14 00:41 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2014-08-08 12:08 - 2008-04-13 19:47 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys
2014-08-08 12:08 - 2008-04-13 19:45 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys
2014-08-08 12:08 - 2008-04-13 19:24 - 00088192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2014-08-08 12:08 - 2008-04-13 19:24 - 00028672 _____ (National Semiconductor Corporation) C:\WINDOWS\system32\Drivers\nscirda.sys
2014-08-08 12:08 - 2008-04-13 19:15 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys
2014-08-08 12:08 - 2008-04-13 19:15 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys
2014-08-08 12:08 - 2001-08-17 08:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys
2014-08-08 12:08 - 2001-08-17 08:51 - 00019584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasirda.sys
2014-08-08 12:07 - 2008-04-13 19:10 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys
2014-08-08 12:07 - 2007-11-16 09:43 - 00118272 _____ (Cisco Systems) C:\WINDOWS\system32\Drivers\pcx500.sys
2014-08-08 12:06 - 2008-04-14 05:42 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2014-08-08 12:06 - 2008-04-14 05:41 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksuser.dll
2014-08-08 12:06 - 2008-04-14 00:49 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2014-08-08 12:06 - 2008-04-14 00:42 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbui.dll
2014-08-08 12:06 - 2008-04-14 00:41 - 00086016 _____ (Conexant) C:\WINDOWS\system32\mdmxsdk.dll
2014-08-08 12:06 - 2008-04-14 00:41 - 00032285 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\HSFCISP2.dll
2014-08-08 12:06 - 2008-04-14 00:15 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2014-08-08 12:06 - 2008-04-14 00:06 - 00042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AGP440.SYS
2014-08-08 12:06 - 2008-04-13 18:53 - 01041536 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSFDPSP2.sys
2014-08-08 12:06 - 2008-04-13 18:53 - 00685056 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSFCXTS2.sys
2014-08-08 12:06 - 2008-04-13 18:53 - 00220032 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSFBS2S2.sys
2014-08-08 12:06 - 2008-04-13 18:53 - 00011868 _____ (Conexant) C:\WINDOWS\system32\Drivers\mdmxsdk.sys
2014-08-08 12:06 - 2001-08-17 08:46 - 00006400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\enum1394.sys
2014-08-08 12:06 - 2001-08-17 07:20 - 00096256 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ac97intc.sys
2014-08-08 12:06 - 2001-08-17 07:12 - 00117760 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e100b325.sys
2014-08-08 12:05 - 2008-04-13 19:06 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys
2014-08-08 12:05 - 2008-04-13 19:06 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CmBatt.sys
2014-08-08 12:05 - 2008-04-13 19:06 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys
2014-08-08 12:03 - 2014-08-08 17:28 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-08 12:03 - 2014-08-08 17:20 - 00004161 _____ () C:\WINDOWS\ODBCINST.INI
2014-08-08 12:03 - 2014-08-08 12:03 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-08-08 12:03 - 2014-08-08 12:03 - 00000000 ____D () C:\Program Files\Common Files\ODBC
2014-08-08 12:03 - 2014-08-08 12:03 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-08-08 12:03 - 2008-04-14 07:00 - 02144487 ____C () C:\WINDOWS\system32\dllcache\NT5.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 01296669 ____C () C:\WINDOWS\system32\dllcache\SP3.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00176157 _____ (Digi International, Inc.) C:\WINDOWS\system32\dgrpsetu.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system\WINSPOOL.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00126912 _____ (Microsoft Corporation) C:\WINDOWS\system\MSVIDEO.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00109456 _____ (Microsoft Corporation) C:\WINDOWS\system\AVIFILE.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00103424 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\EqnClass.Dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00085020 _____ (Digi International) C:\WINDOWS\system32\dgsetup.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system\OLECLI.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00073376 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIAVI.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00069584 _____ (Microsoft Corporation) C:\WINDOWS\system\AVICAP.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\NOTEPAD.EXE
2014-08-08 12:03 - 2008-04-14 07:00 - 00068768 _____ (Microsoft Corporation) C:\WINDOWS\system\MMSYSTEM.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00066594 _____ () C:\WINDOWS\system32\c_869.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066594 _____ () C:\WINDOWS\system32\c_866.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066594 _____ () C:\WINDOWS\system32\c_857.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066594 _____ () C:\WINDOWS\system32\c_855.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066594 _____ () C:\WINDOWS\system32\c_852.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066594 _____ () C:\WINDOWS\system32\c_737.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_875.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_28603.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_28599.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\C_28597.NLS
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\C_28595.NLS
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\C_28594.NLS
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_20127.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_10082.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_10081.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_10029.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_10017.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_10010.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_10007.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00066082 _____ () C:\WINDOWS\system32\c_10006.nls
2014-08-08 12:03 - 2008-04-14 07:00 - 00037484 ____C () C:\WINDOWS\system32\dllcache\MW770.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00034747 ____C () C:\WINDOWS\system32\dllcache\mediactr.cat
2014-08-08 12:03 - 2008-04-14 07:00 - 00034063 ____C () C:\WINDOWS\system32\dllcache\FP4.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00032816 _____ (Microsoft Corporation) C:\WINDOWS\system\COMMDLG.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system\MCIWAVE.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00026991 ____C () C:\WINDOWS\system32\dllcache\msn7.cat
2014-08-08 12:03 - 2008-04-14 07:00 - 00025264 _____ (Microsoft Corporation) C:\WINDOWS\system\MCISEQ.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00024661 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\spxcoins.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system\OLESVR.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system\TAPI.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00016535 ____C () C:\WINDOWS\system32\dllcache\IMS.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\TASKMAN.EXE
2014-08-08 12:03 - 2008-04-14 07:00 - 00014433 ____C () C:\WINDOWS\system32\dllcache\msn9.cat
2014-08-08 12:03 - 2008-04-14 07:00 - 00013600 _____ (Microsoft Corporation) C:\WINDOWS\system\WFWNET.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00013472 ____C () C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00012363 ____C () C:\WINDOWS\system32\dllcache\MSMSGS.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys
2014-08-08 12:03 - 2008-04-14 07:00 - 00010027 ____C () C:\WINDOWS\system32\dllcache\MSTSWEB.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00009936 _____ (Microsoft Corporation) C:\WINDOWS\system\LZEXPAND.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00009008 _____ (Microsoft Corporation) C:\WINDOWS\system\VER.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\batt.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00008574 ____C () C:\WINDOWS\system32\dllcache\IASNT4.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00008192 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhept.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00007382 ____C () C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2014-08-08 12:03 - 2008-04-14 07:00 - 00007334 ____C () C:\WINDOWS\system32\dllcache\wmerrenu.cat
2014-08-08 12:03 - 2008-04-14 07:00 - 00007168 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdycl.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdsl1.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdsl.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdpl.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhu.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhela3.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz2.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcz1.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdcr.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006656 ____R (Microsoft Corporation) C:\WINDOWS\system32\KBDAL.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtuq.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtuf.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlv1.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlv.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhela2.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdgkl.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00006144 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdest.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdycc.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbduzb.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdur.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdtat.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdru1.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdru.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdro.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdpl1.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdmon.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlt1.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdlt.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdkyr.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdkaz.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhu1.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe319.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe220.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdhe.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdbu.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdblr.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdazel.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005632 ____R (Microsoft Corporation) C:\WINDOWS\system32\kbdaze.dll
2014-08-08 12:03 - 2008-04-14 07:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system\SHELL.DLL
2014-08-08 12:03 - 2008-04-14 07:00 - 00004048 _____ (Microsoft Corporation) C:\WINDOWS\system\TIMER.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00003360 _____ (Microsoft Corporation) C:\WINDOWS\system\SYSTEM.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.TMP
2014-08-08 12:03 - 2008-04-14 07:00 - 00002176 _____ (Microsoft Corporation) C:\WINDOWS\system\VGA.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00002032 _____ (Microsoft Corporation) C:\WINDOWS\system\MOUSE.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00002000 _____ (Microsoft Corporation) C:\WINDOWS\system\KEYBOARD.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00001744 _____ (Microsoft Corporation) C:\WINDOWS\system\SOUND.DRV
2014-08-08 12:03 - 2008-04-14 07:00 - 00001152 _____ (Microsoft Corporation) C:\WINDOWS\system\MMTASK.TSK
2014-08-08 12:03 - 2008-04-14 00:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\storprop.dll
2014-08-08 12:01 - 2014-08-08 18:06 - 00000327 __RSH () C:\boot.ini
2014-08-08 12:01 - 2014-08-08 12:01 - 01089536 _____ () C:\WINDOWS\system32\config\software.sav
2014-08-08 12:01 - 2014-08-08 12:01 - 00909312 _____ () C:\WINDOWS\system32\config\system.sav
2014-08-08 12:01 - 2014-08-08 12:01 - 00094208 _____ () C:\WINDOWS\system32\config\default.sav
2014-08-08 12:01 - 2014-08-08 12:01 - 00001024 _____ () C:\WINDOWS\system32\config\TempKey.LOG
2014-08-08 12:00 - 2014-08-08 12:01 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-08-08 12:00 - 2014-08-08 12:01 - 00001024 _____ () C:\WINDOWS\system32\config\userdiff.LOG
2014-08-08 11:52 - 2014-08-15 03:51 - 00000000 ____D () C:\WINDOWS\Help
2014-08-08 11:52 - 2014-08-15 03:23 - 00000000 ____D () C:\WINDOWS\Media
2014-08-08 11:52 - 2014-08-10 20:14 - 00000000 ____D () C:\WINDOWS\system
2014-08-08 11:52 - 2014-08-08 17:21 - 00000000 ____D () C:\WINDOWS\security
2014-08-08 11:52 - 2014-08-08 17:21 - 00000000 ____D () C:\WINDOWS\ime
2014-08-08 11:52 - 2014-08-08 17:18 - 00000000 ___RD () C:\WINDOWS\Web
2014-08-08 11:52 - 2014-08-08 17:16 - 00000000 ____D () C:\WINDOWS\pchealth
2014-08-08 11:52 - 2014-08-08 17:14 - 00000000 ____D () C:\WINDOWS\Cursors
2014-08-08 11:52 - 2014-08-08 17:11 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-08-08 11:52 - 2014-08-08 12:00 - 00000000 ____D () C:\WINDOWS\system32\usmt
2014-08-08 11:52 - 2014-08-08 12:00 - 00000000 ____D () C:\WINDOWS\system32\scripting
2014-08-08 11:52 - 2014-08-08 12:00 - 00000000 ____D () C:\WINDOWS\mui
2014-08-08 11:52 - 2014-08-08 12:00 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-08-08 11:52 - 2014-08-08 11:59 - 00000000 ____D () C:\WINDOWS\system32\npp
2014-08-08 11:52 - 2014-08-08 11:59 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-08-08 11:52 - 2014-08-08 11:59 - 00000000 ____D () C:\WINDOWS\msagent
2014-08-08 11:52 - 2014-08-08 11:55 - 00000000 ____D () C:\WINDOWS\twain_32
2014-08-08 11:52 - 2014-08-08 11:54 - 00000000 ____D () C:\WINDOWS\system32\ras
2014-08-08 11:52 - 2014-08-08 11:54 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-08-08 11:52 - 2014-08-08 11:53 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-08-08 11:52 - 2014-08-08 11:53 - 00000000 ____D () C:\WINDOWS\system32\1033
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\wins
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\ShellExt
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\export
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\Drivers\disdn
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\dhcp
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\3com_dmi
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\3076
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\2052
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1054
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1042
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1041
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1037
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1031
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1028
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1025
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Resources
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\repair
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Provisioning
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\java
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Driver Cache
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Connection Wizard
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\addins
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 13:14 - 2014-08-18 13:13 - 00000000 ____D () C:\FRST
2014-08-18 13:14 - 2014-08-18 13:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder
2014-08-18 13:14 - 2014-08-08 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-18 13:09 - 2014-08-11 14:25 - 01675688 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-18 13:06 - 2014-08-12 22:13 - 00000258 _____ () C:\WINDOWS\Tasks\Clean System Memory.job
2014-08-18 13:05 - 2014-08-17 00:33 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{AC78C0C4-4FEA-4699-AC03-C90B0B987359}.job
2014-08-18 12:49 - 2014-08-09 00:19 - 00357566 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-18 12:45 - 2014-08-18 12:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-18 12:45 - 2014-08-17 00:26 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-18 12:45 - 2014-08-12 21:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-18 12:45 - 2014-08-08 17:26 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-18 12:45 - 2014-08-08 17:16 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-18 12:45 - 2008-04-14 07:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-18 12:41 - 2014-08-18 12:41 - 00000000 __SHD () C:\found.000
2014-08-18 09:50 - 2014-08-10 16:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-08-18 06:25 - 2014-08-12 21:53 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-17 21:41 - 2014-08-10 16:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
2014-08-17 15:58 - 2014-08-17 15:58 - 00000499 _____ () C:\Documents and Settings\Administrator\My Documents\MBR.zip
2014-08-17 10:51 - 2014-08-17 00:22 - 00006076 _____ () C:\WINDOWS\setupapi.log
2014-08-17 10:01 - 2014-08-08 17:27 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-17 03:54 - 2014-08-17 03:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-08-17 03:54 - 2014-08-17 03:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-08-17 03:53 - 2014-08-17 03:53 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-17 03:53 - 2014-08-17 03:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-17 03:53 - 2014-08-17 03:53 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-08-17 02:10 - 2014-08-17 02:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-08-17 02:06 - 2014-08-17 02:06 - 00030396 _____ () C:\Documents and Settings\Administrator\My Documents\bookmarks_8_17_14.html
2014-08-17 01:39 - 2014-08-17 00:26 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-17 01:38 - 2014-08-08 19:59 - 00000378 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-17 00:55 - 2014-08-17 00:54 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-08-17 00:33 - 2014-08-17 00:33 - 00000000 __SHD () C:\Documents and Settings\Administrator\IECompatCache
2014-08-17 00:32 - 2014-08-17 00:32 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-08-17 00:27 - 2014-08-17 00:27 - 00000187 _____ () C:\WINDOWS\spupdsvc.log.1.log
2014-08-17 00:27 - 2014-08-15 03:24 - 00009075 _____ () C:\WINDOWS\spupdsvc.log
2014-08-17 00:24 - 2014-08-17 00:24 - 00006342 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-08-17 00:24 - 2014-08-17 00:24 - 00005663 _____ () C:\WINDOWS\KB2934207.log
2014-08-17 00:24 - 2014-08-17 00:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-08-17 00:24 - 2014-08-15 03:25 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-08-17 00:24 - 2014-08-15 03:00 - 00243295 _____ () C:\WINDOWS\iis6.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00228758 _____ () C:\WINDOWS\FaxSetup.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00109372 _____ () C:\WINDOWS\ocgen.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00104377 _____ () C:\WINDOWS\tsoc.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00075309 _____ () C:\WINDOWS\comsetup.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00068694 _____ () C:\WINDOWS\msmqinst.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00045716 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00040071 _____ () C:\WINDOWS\netfxocm.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00026629 _____ () C:\WINDOWS\updspapi.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00015725 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00012654 _____ () C:\WINDOWS\ocmsn.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00011507 _____ () C:\WINDOWS\tabletoc.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00011211 _____ () C:\WINDOWS\msgsocm.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-08-17 00:24 - 2014-08-15 03:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-08-17 00:23 - 2014-08-17 00:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-08-17 00:23 - 2014-08-17 00:22 - 00005844 _____ () C:\WINDOWS\WgaNotify.log
2014-08-17 00:00 - 2014-08-16 23:59 - 00004879 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-08-16 23:59 - 2014-08-16 23:58 - 00007580 _____ () C:\WINDOWS\KB2510531-IE8.log
2014-08-16 23:59 - 2014-08-10 16:49 - 00000000 ____D () C:\WINDOWS\$hf_mig$
2014-08-15 12:27 - 2014-08-08 18:00 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-15 03:52 - 2014-08-15 03:52 - 00090296 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-15 03:52 - 2014-08-15 03:52 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-15 03:52 - 2014-08-08 17:27 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-08-15 03:52 - 2014-08-08 17:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-15 03:51 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Help
2014-08-15 03:50 - 2014-08-15 03:24 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-08-15 03:34 - 2014-08-15 03:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-08-15 03:34 - 2014-08-15 03:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-08-15 03:34 - 2014-08-15 03:33 - 00033975 _____ () C:\WINDOWS\KB951376-v2.log
2014-08-15 03:34 - 2014-08-15 00:43 - 00038823 _____ () C:\WINDOWS\KB2868626.log
2014-08-15 03:34 - 2014-08-15 00:43 - 00038303 _____ () C:\WINDOWS\KB2922229.log
2014-08-15 03:33 - 2014-08-15 03:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-15 03:33 - 2014-08-15 03:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-08-15 03:33 - 2014-08-15 03:31 - 00038657 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-08-15 03:33 - 2014-08-15 03:09 - 00180372 _____ () C:\WINDOWS\ie8_main.log
2014-08-15 03:33 - 2014-08-15 00:43 - 00040572 _____ () C:\WINDOWS\KB959426.log
2014-08-15 03:31 - 2014-08-15 03:30 - 00039256 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-08-15 03:30 - 2014-08-15 03:28 - 00042052 _____ () C:\WINDOWS\KB2862772-IE8.log
2014-08-15 03:27 - 2014-08-15 03:27 - 00036211 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-08-15 03:27 - 2014-08-15 03:27 - 00035478 _____ () C:\WINDOWS\KB2467659.log
2014-08-15 03:27 - 2014-08-15 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2014-08-15 03:27 - 2014-08-15 03:25 - 00046493 _____ () C:\WINDOWS\KB982381-IE8.log
2014-08-15 03:24 - 2014-08-15 03:20 - 00000000 __HDC () C:\WINDOWS\ie8
2014-08-15 03:24 - 2014-08-15 03:19 - 00046866 _____ () C:\WINDOWS\ie8.log
2014-08-15 03:23 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Media
2014-08-15 03:08 - 2014-08-15 03:07 - 00014743 _____ () C:\WINDOWS\KB2387149.log
2014-08-15 03:07 - 2014-08-15 03:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-08-15 03:07 - 2014-08-15 03:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2014-08-15 03:07 - 2014-08-15 00:41 - 00020836 _____ () C:\WINDOWS\KB2712808.log
2014-08-15 03:07 - 2014-08-15 00:41 - 00020562 _____ () C:\WINDOWS\KB960859.log
2014-08-15 03:06 - 2014-08-15 03:06 - 00011765 _____ () C:\WINDOWS\KB2659262.log
2014-08-15 03:06 - 2014-08-15 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2014-08-15 03:06 - 2014-08-15 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-08-15 03:06 - 2014-08-15 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479943$
2014-08-15 03:06 - 2014-08-15 03:05 - 00011376 _____ () C:\WINDOWS\KB2564958.log
2014-08-15 03:06 - 2014-08-15 00:41 - 00020630 _____ () C:\WINDOWS\KB2479943.log
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-08-15 03:05 - 2014-08-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2014-08-15 03:05 - 2014-08-15 00:41 - 00017542 _____ () C:\WINDOWS\KB2916036.log
2014-08-15 03:05 - 2014-08-15 00:40 - 00019271 _____ () C:\WINDOWS\KB2478971.log
2014-08-15 03:05 - 2014-08-15 00:40 - 00018712 _____ () C:\WINDOWS\KB2544893-v2.log
2014-08-15 03:04 - 2014-08-15 03:04 - 00012450 _____ () C:\WINDOWS\KB2536276-v2.log
2014-08-15 03:04 - 2014-08-15 03:04 - 00009885 _____ () C:\WINDOWS\KB2834886.log
2014-08-15 03:04 - 2014-08-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-08-15 03:04 - 2014-08-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-08-15 03:04 - 2014-08-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-08-15 03:04 - 2014-08-15 00:38 - 00023232 _____ () C:\WINDOWS\KB2345886.log
2014-08-15 03:04 - 2014-08-15 00:38 - 00023109 _____ () C:\WINDOWS\KB2585542.log
2014-08-15 03:03 - 2014-08-15 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2014-08-15 03:03 - 2014-08-15 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2014-08-15 03:03 - 2014-08-15 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2014-08-15 03:03 - 2014-08-15 00:34 - 00017169 _____ () C:\WINDOWS\KB2631813.log
2014-08-15 03:02 - 2014-08-15 03:02 - 00008452 _____ () C:\WINDOWS\KB2296011.log
2014-08-15 03:02 - 2014-08-15 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-08-15 03:02 - 2014-08-15 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-08-15 03:02 - 2014-08-15 00:32 - 00017076 _____ () C:\WINDOWS\KB2691442.log
2014-08-15 03:01 - 2014-08-15 03:01 - 00008832 _____ () C:\WINDOWS\KB975558.log
2014-08-15 03:01 - 2014-08-15 03:01 - 00007282 _____ () C:\WINDOWS\KB2900986.log
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-08-15 03:01 - 2014-08-15 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2014-08-15 03:01 - 2014-08-15 03:00 - 00010444 _____ () C:\WINDOWS\KB955759.log
2014-08-15 03:01 - 2014-08-15 00:32 - 00016178 _____ () C:\WINDOWS\KB2115168.log
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-15 03:00 - 2014-08-15 03:00 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-15 03:00 - 2014-08-15 00:31 - 00013777 _____ () C:\WINDOWS\KB2847311.log
2014-08-14 22:16 - 2014-08-11 08:29 - 00000000 ___SD () C:\Documents and Settings\Administrator\UserData
2014-08-14 22:13 - 2014-08-11 22:17 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-08-14 22:13 - 2014-08-11 22:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-08-14 22:11 - 2014-08-14 22:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
2014-08-14 22:11 - 2014-08-14 22:10 - 00001845 _____ () C:\Documents and Settings\Administrator\Desktop\Chrome App Launcher.lnk
2014-08-14 11:12 - 2014-08-14 11:12 - 01303015 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
2014-08-14 11:12 - 2014-08-14 11:12 - 00143334 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
2014-08-14 09:06 - 2014-08-14 09:06 - 00000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
2014-08-13 19:28 - 2014-08-13 19:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-13 19:27 - 2014-08-13 19:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-13 17:35 - 2014-08-13 17:33 - 29592768 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\Windows-KB890830-V5.15.exe
2014-08-12 22:17 - 2014-08-08 17:21 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-08-12 22:16 - 2011-01-10 19:23 - 00000187 _____ () C:\WINDOWS\system32\CleanMem.ini
2014-08-12 22:13 - 2014-08-12 22:13 - 00000000 ____D () C:\WINDOWS\CleanMem
2014-08-12 22:13 - 2014-08-12 22:13 - 00000000 ____D () C:\Program Files\CleanMem
2014-08-12 22:13 - 2014-08-12 22:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CleanMem
2014-08-12 21:53 - 2014-08-11 09:05 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2014-08-12 21:53 - 2014-08-08 17:57 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 21:53 - 2014-08-08 17:57 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 21:47 - 2014-08-08 17:15 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-12 21:44 - 2014-08-08 17:20 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-08-12 21:44 - 2014-08-08 17:20 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-08-12 21:43 - 2014-08-12 21:43 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-08-12 21:43 - 2014-08-12 21:43 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-08-12 21:43 - 2014-08-08 17:27 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-12 21:38 - 2014-08-12 21:38 - 00000000 ___HD () C:\Program Files\WindowsUpdate
2014-08-12 21:25 - 2014-08-11 22:18 - 00001812 _____ () C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-11 22:36 - 2014-08-11 22:36 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-11 22:36 - 2014-08-11 22:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-08-11 13:05 - 2014-08-11 13:05 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-11 12:06 - 2014-08-08 17:11 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-11 12:05 - 2014-08-11 12:05 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-11 12:05 - 2014-08-11 12:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-11 12:05 - 2014-08-11 12:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-11 11:31 - 2014-08-11 11:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-11 11:25 - 2014-08-11 11:24 - 00000000 ____D () C:\54f81f8de5149836e56cdf1b3c
2014-08-11 09:05 - 2014-08-11 09:05 - 00000000 ____D () C:\WINDOWS\system32\KB905474
2014-08-11 08:57 - 2014-08-11 08:56 - 00006622 _____ () C:\WINDOWS\system32\TZLog.log
2014-08-11 08:41 - 2014-08-08 17:16 - 00000000 ____D () C:\Program Files\Outlook Express
2014-08-11 08:39 - 2014-08-08 17:17 - 00000000 ____D () C:\Program Files\Movie Maker
2014-08-10 20:14 - 2014-08-10 20:14 - 00000044 _____ () C:\WINDOWS\system32\msssc.dll
2014-08-10 20:14 - 2014-08-10 20:14 - 00000000 ____D () C:\WINDOWS\VirtualEar
2014-08-10 20:14 - 2014-08-10 20:14 - 00000000 ____D () C:\Program Files\Analog Devices
2014-08-10 20:14 - 2014-08-10 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2014-08-10 20:14 - 2014-08-08 17:30 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-08-10 20:14 - 2014-08-08 17:30 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2014-08-10 20:14 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system
2014-08-10 16:49 - 2014-08-10 16:49 - 00000000 ____D () C:\WINDOWS\system32\PreInstall
2014-08-10 16:43 - 2014-08-10 16:43 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2014-08-10 16:43 - 2014-08-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-08-10 16:41 - 2014-08-10 16:41 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-10 16:08 - 2014-08-10 16:08 - 00000630 _____ () C:\Documents and Settings\All Users\Start Menu\µTorrent.lnk
2014-08-10 16:08 - 2014-08-10 16:08 - 00000630 _____ () C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
2014-08-10 16:08 - 2014-08-10 16:08 - 00000000 ____D () C:\Program Files\uTorrent
2014-08-09 08:46 - 2014-08-09 08:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Emsisoft
2014-08-09 01:20 - 2014-08-09 01:20 - 00017288 _____ () C:\Documents and Settings\Administrator\My Documents\gmer.log
2014-08-09 00:35 - 2014-08-09 00:35 - 00000899 _____ () C:\Documents and Settings\Administrator\My Documents\jcfcbv.log
2014-08-09 00:17 - 2014-08-08 17:16 - 00000000 ____D () C:\Program Files\NetMeeting
2014-08-09 00:17 - 2014-08-08 17:13 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-08-09 00:16 - 2014-08-08 17:17 - 00000000 ____D () C:\WINDOWS\srchasst
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files\windows nt
2014-08-09 00:15 - 2014-08-09 00:15 - 00000000 ____D () C:\Program Files\Common Files\system
2014-08-08 23:35 - 2014-08-08 23:35 - 00006040 _____ () C:\Documents and Settings\Administrator\My Documents\Run Commands.txt
2014-08-08 20:11 - 2014-08-08 20:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
2014-08-08 20:10 - 2014-08-08 20:10 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-08 20:10 - 2014-08-08 20:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DropboxMaster
2014-08-08 20:09 - 2014-08-08 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
2014-08-08 20:07 - 2014-08-08 20:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2014-08-08 20:00 - 2014-08-08 20:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-08-08 19:59 - 2014-08-08 19:59 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-08 19:59 - 2014-08-08 19:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-08 19:59 - 2014-08-08 19:57 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-08 19:57 - 2014-08-08 19:57 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-08 19:57 - 2014-08-08 19:57 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-08 19:50 - 2014-08-08 19:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-08 19:50 - 2014-08-08 19:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-08 19:40 - 2014-08-08 17:30 - 00000000 ____D () C:\compaq
2014-08-08 19:34 - 2014-08-08 19:34 - 00007113 _____ () C:\Documents and Settings\Administrator\My Documents\Default.reg
2014-08-08 18:06 - 2014-08-08 18:05 - 00000000 _RSHD () C:\cmdcons
2014-08-08 18:06 - 2014-08-08 12:01 - 00000327 __RSH () C:\boot.ini
2014-08-08 18:04 - 2014-08-08 18:04 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-08 18:00 - 2014-08-08 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-08-08 18:00 - 2014-08-08 17:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-08 17:59 - 2014-08-08 17:57 - 00000000 ____D () C:\Program Files\Google
2014-08-08 17:55 - 2014-08-08 17:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2014-08-08 17:55 - 2014-08-08 17:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Help
2014-08-08 17:33 - 2014-08-08 17:33 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-08 17:30 - 2014-08-08 17:30 - 00000000 ____D () C:\Program Files\Intel
2014-08-08 17:30 - 2014-08-08 17:30 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-08-08 17:28 - 2014-08-08 12:03 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-08 17:27 - 2014-08-08 17:27 - 00000020 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-08-08 17:27 - 2014-08-08 17:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-08-08 17:26 - 2014-08-08 17:26 - 00000020 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-08-08 17:21 - 2014-08-08 17:27 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-08-08 17:21 - 2014-08-08 17:21 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00000398 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 __RSH () C:\MSDOS.SYS
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 __RSH () C:\IO.SYS
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 ____D () C:\WINDOWS\system32\xircom
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 ____D () C:\Program Files\xerox
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 ____D () C:\Program Files\microsoft frontpage
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 _____ () C:\WINDOWS\control.ini
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 _____ () C:\CONFIG.SYS
2014-08-08 17:21 - 2014-08-08 17:21 - 00000000 _____ () C:\AUTOEXEC.BAT
2014-08-08 17:21 - 2014-08-08 17:18 - 00000000 ___RD () C:\Documents and Settings\Default User\Start Menu\Programs\Accessories
2014-08-08 17:21 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\security
2014-08-08 17:21 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\ime
2014-08-08 17:21 - 2008-04-14 07:00 - 00000477 _____ () C:\WINDOWS\win.ini
2014-08-08 17:20 - 2014-08-08 17:20 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-08-08 17:20 - 2014-08-08 12:03 - 00004161 _____ () C:\WINDOWS\ODBCINST.INI
2014-08-08 17:19 - 2014-08-08 17:19 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-08-08 17:18 - 2014-08-08 17:18 - 00000786 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2014-08-08 17:18 - 2014-08-08 11:52 - 00000000 ___RD () C:\WINDOWS\Web
2014-08-08 17:17 - 2014-08-08 17:17 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-08-08 17:16 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\pchealth
2014-08-08 17:14 - 2014-08-08 17:14 - 00000000 ____D () C:\Program Files\MSN Gaming Zone
2014-08-08 17:14 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Cursors
2014-08-08 17:11 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-08-08 12:03 - 2014-08-08 12:03 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-08-08 12:03 - 2014-08-08 12:03 - 00000000 ____D () C:\Program Files\Common Files\ODBC
2014-08-08 12:03 - 2014-08-08 12:03 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-08-08 12:03 - 2008-04-14 07:00 - 00000231 _____ () C:\WINDOWS\system.ini
2014-08-08 12:01 - 2014-08-08 12:01 - 01089536 _____ () C:\WINDOWS\system32\config\software.sav
2014-08-08 12:01 - 2014-08-08 12:01 - 00909312 _____ () C:\WINDOWS\system32\config\system.sav
2014-08-08 12:01 - 2014-08-08 12:01 - 00094208 _____ () C:\WINDOWS\system32\config\default.sav
2014-08-08 12:01 - 2014-08-08 12:01 - 00001024 _____ () C:\WINDOWS\system32\config\TempKey.LOG
2014-08-08 12:01 - 2014-08-08 12:00 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-08-08 12:01 - 2014-08-08 12:00 - 00001024 _____ () C:\WINDOWS\system32\config\userdiff.LOG
2014-08-08 12:00 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\usmt
2014-08-08 12:00 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\scripting
2014-08-08 12:00 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\mui
2014-08-08 12:00 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-08-08 11:59 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\npp
2014-08-08 11:59 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-08-08 11:59 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\msagent
2014-08-08 11:55 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\twain_32
2014-08-08 11:54 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\ras
2014-08-08 11:54 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-08-08 11:53 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-08-08 11:53 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1033
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\wins
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\ShellExt
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\export
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\Drivers\disdn
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\dhcp
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\3com_dmi
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\3076
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\2052
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1054
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1042
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1041
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1037
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1031
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1028
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\system32\1025
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Resources
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\repair
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Provisioning
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\java
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Driver Cache
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\Connection Wizard
2014-08-08 11:52 - 2014-08-08 11:52 - 00000000 ____D () C:\WINDOWS\addins
2014-07-31 23:42 - 2014-08-11 11:25 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#10 nasdaq

  • Malware Response Team

Posted 19 August 2014 - 07:10 AM

 
 
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
S2 PEVSystemStart; "C:\gjhgggt5d\pev.3XE" EXEC /i "C:\gjhgggt5d\HIDEC.3XE" "C:\gjhgggt5d\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q
S1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
 
End
 
Save the file as fixlist.txt into the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
    ===
     
    You can enable the CD emulators.
     
    How is the computer running now?
     
     
     


    #11 kcp


    Posted 21 August 2014 - 06:01 PM

    OK I copied the code into notebook and named it fixlist and saved to same directory as FRST.  Clicked fix, got a message that FRST has encountered an error and needs to close.  I then tried in safe mode and got the same error message.

     

    I believe we found the problem...  now how to solve it....Thank you for all help so far.

     

    what is next step..



    #12 kcp


    Posted 21 August 2014 - 06:03 PM

    sorry here is the fix log...i have pasted it and attached....hope it helps...

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
    Ran by Administrator at 2014-08-19 21:05:11 Run:3
    Running from C:\Documents and Settings\Administrator\Desktop\New Folder
    Boot Mode: Safe Mode (minimal)
     
    ==============================================
     
    Content of fixlist:
    *****************
    start
    Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
    Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
    Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
    Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
    Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
    Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    S2 PEVSystemStart; "C:\gjhgggt5d\pev.3XE" EXEC /i "C:\gjhgggt5d\HIDEC.3XE" "C:\gjhgggt5d\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q
    S1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [X]
    S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
     
    End
    *****************
     
    "HKCR\PROTOCOLS\Handler\http\0x00000001" => Key not found.
    "HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}" => Key not found.
     




    #13 kcp


    Posted 21 August 2014 - 06:15 PM

    I opened CCleaner and scanned the registry; here is a partial list of what it found....I have not deleted anything...just scanned.

     
     
    Application Paths Issue bckgzm.exe - C:\FRST\QUARAN~1\C\PROGRA~1\MSNGAM~1\Windows\bckgzm.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bckgzm.exe
    Application Paths Issue chkrzm.exe - C:\FRST\QUARAN~1\C\PROGRA~1\MSNGAM~1\Windows\chkrzm.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\chkrzm.exe
    Application Paths Issue CONF.EXE - C:\FRST\QUARAN~1\C\PROGRA~1\NETMEE~1\conf.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CONF.EXE
    Application Paths Issue dialer.exe - C:\FRST\QUARAN~1\C\PROGRA~1\WINDOW~2\dialer.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\dialer.exe
    Application Paths Issue hrtzzm.exe - C:\FRST\QUARAN~1\C\PROGRA~1\MSNGAM~1\Windows\hrtzzm.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\hrtzzm.exe
    Application Paths Issue hypertrm.exe - C:\FRST\QUARAN~1\C\PROGRA~1\WINDOW~2\hypertrm.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\hypertrm.exe
    Application Paths Issue moviemk.exe - C:\FRST\QUARAN~1\C\PROGRA~1\MOVIEM~1\moviemk.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\moviemk.exe
    Application Paths Issue msimn.exe - C:\FRST\QUARAN~1\C\PROGRA~1\OUTLOO~1\msimn.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\msimn.exe
    Application Paths Issue MSMSGS.EXE - C:\FRST\QUARAN~1\C\PROGRA~1\MESSEN~1\msmsgs.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSMSGS.EXE
    Application Paths Issue pinball.exe - C:\FRST\QUARAN~1\C\PROGRA~1\WINDOW~2\Pinball\PINBALL.EXE HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\pinball.exe
    Application Paths Issue rvsezm.exe - C:\FRST\QUARAN~1\C\PROGRA~1\MSNGAM~1\Windows\Rvsezm.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\rvsezm.exe
    Application Paths Issue shvlzm.exe - C:\FRST\QUARAN~1\C\PROGRA~1\MSNGAM~1\Windows\shvlzm.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\shvlzm.exe
    Application Paths Issue wab.exe - C:\FRST\QUARAN~1\C\PROGRA~1\OUTLOO~1\wab.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\wab.exe
    Application Paths Issue wabmig.exe - C:\FRST\QUARAN~1\C\PROGRA~1\OUTLOO~1\wabmig.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\wabmig.exe
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2115168
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2296011
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2345886
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2387149
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2467659
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2478971
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2479943
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2536276-v2
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2544893-v2
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2564958
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2585542
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2631813
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2659262
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2691442
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2712808$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2712808
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2834886$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2834886
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2847311$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2847311
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2868626$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2868626
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2900986$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2900986
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2916036$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2916036
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2922229$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2922229
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB2934207$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB2934207
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB955759
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB959426
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB960859
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB970430
    Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB975558_WM8
    Old Start Menu key Chrome Apps HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Chrome Apps
    Missing MUI Reference C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB905474-ENU-x86.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Missing MUI Reference c:\a99e2c8758f38637fea7\wgasetup.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Missing MUI Reference C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CTLS100E\JavaSetup7u67[1].exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Missing MUI Reference C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PJ4EAJ1W\JavaSetup7u67[1].exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Missing MUI Reference C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
     

    Maybe it will help you...

     

    I do have one question...why no mention of what my original GMER log found and find solution from there..just curious.



    #14 nasdaq


    • Malware Response Team
    • 39,497 posts

    Posted 22 August 2014 - 06:56 AM

    The GMER tool is too hard to decipher.

     
    We now use the aswMBR.exe tool which is user friendly.
    All was good.
    ===
     
    CCleaner did its job.
     
    What is the remaining issue?


    #15 kcp

    • Topic Starter

    • Members
    • 45 posts

    Posted 22 August 2014 - 07:53 AM

    I did not run CCleaner, and should I let it delete all those registry entries? Then run aswMBR.exe again?

     

    I totally understand about GMER...but it shows the rootkit

     

    No, my time is never correct....it was 11pm when I got home (it was really 630)...now it says it is 158 am when it really is 751...I don't understand





