Win 7 Trojan:DOS/Alureon.A

Solved
By No1Herd
Nov 4, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
  2. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    Still will not run. I had the task manager open and noticed it did show in the processes but then disappeared. It still will not fully open the program.
  3. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Please post fresh FRST log.
  4. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)
    Ran by SYSTEM at 06-11-2012 19:06:55
    Running from F:\stuff
    Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKU\Administrator\...\Run: [AdobeBridge] [x]
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    ==================== Services (Whitelisted) ===================
    4 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-06-08] (Autodesk)
    4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    4 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
    4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-29] (Lavasoft Limited)
    4 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
    4 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
    4 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
    4 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
    2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
    4 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
    2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    4 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
    2 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
    2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [475088 2011-09-09] (Cisco Systems, Inc.)
    ==================== Drivers (Whitelisted) =====================
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-03-24] ()
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
    1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    1 MpKsl1d91fe20; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77852585-2F4E-4A8E-AC28-1C735A12EAA5}\MpKsl1d91fe20.sys [35664 2012-11-05] (Microsoft Corporation)
    2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-05 19:07 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-11-05 17:59 - 2012-11-05 21:25 - 00000000 ____D C:\Stuff
    2012-11-04 20:59 - 2012-11-04 21:00 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:54 - 2012-11-04 06:24 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:35 - 2012-11-04 13:34 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:10 - 2012-11-04 13:09 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:03 - 2012-11-04 13:01 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:29 - 2012-11-04 12:56 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 12:02 - 2012-11-04 12:02 - 00000000 ____D C:\FRST
    2012-11-03 13:48 - 2012-11-03 13:48 - 00000000 ____D C:\Windows\pss
    2012-11-03 13:40 - 2012-11-04 13:44 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-11-03 13:39 - 2012-11-03 13:40 - 00000000 ____D C:\d2f0698d88b3cc6c3cb9a2
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-18 18:11 - 2012-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:12 - 00000000 ____D C:\Users\Administrator\Documents\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 17:58 - 2012-10-18 18:09 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-09 16:31 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 16:31 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 16:31 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 16:30 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 16:30 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 16:30 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 16:30 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 16:30 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 16:30 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 16:30 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 08:48 - 2012-10-09 08:48 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1)
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00000000 ____D C:\Users\Administrator\Downloads\ak2loader (5)
    2012-10-08 18:54 - 2012-10-08 18:55 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip

    ==================== 3 Months Modified Files ==================
    2012-11-06 04:00 - 2011-02-08 08:38 - 01856161 ____A C:\Windows\WindowsUpdate.log
    2012-11-05 21:50 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-05 21:50 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-05 21:46 - 2009-07-13 21:13 - 00877772 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-05 21:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-05 21:41 - 2009-07-13 20:51 - 00055964 ____A C:\Windows\setupact.log
    2012-11-05 21:40 - 2012-03-24 16:44 - 00021249 ____A C:\aaw7boot.log
    2012-11-04 21:00 - 2012-11-04 20:59 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:44 - 2012-11-03 13:40 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:34 - 2012-11-04 13:35 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:09 - 2012-11-04 13:10 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:01 - 2012-11-04 13:03 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:56 - 2012-11-04 12:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 06:24 - 2012-11-04 13:54 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-03 13:42 - 2011-02-08 11:01 - 00209208 ____A C:\Windows\PFRO.log
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-31 18:31 - 2011-02-08 10:25 - 00093064 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-31 17:29 - 2009-07-13 20:45 - 04931480 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 18:09 - 2012-10-18 17:58 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-10 23:04 - 2011-02-08 12:59 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip
    2012-09-14 13:41 - 2012-03-24 07:00 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-14 11:19 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-04 20:07 - 2012-09-04 20:07 - 00000755 ____A C:\Users\Administrator\Documents\appleuids.txt
    2012-09-04 20:07 - 2012-09-04 20:05 - 93221790 ____A C:\Users\Administrator\Downloads\Rxdzz.txt
    2012-09-04 19:30 - 2012-09-04 19:30 - 00010828 ____A C:\Users\Administrator\Documents\NFL.xlsx
    2012-08-31 10:19 - 2012-10-09 16:30 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-30 10:03 - 2012-10-09 16:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 10:05 - 2012-10-09 16:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 16:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-10-02 04:56 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-10-02 04:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-10-02 04:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-10-02 04:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-10-02 04:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-10-02 04:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-10-02 04:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-10-02 04:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-10-02 04:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-10-02 04:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-10-02 04:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-10-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-10-02 04:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-10-02 04:56 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-10-02 04:56 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-10-02 04:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-10-02 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-10-02 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-10-02 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-10-02 04:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-10-02 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 04:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-27 12:38 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-09 16:31 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 16:31 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 16:31 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 16:31 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 16:31 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 16:31 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 16:56 - 2012-10-09 16:30 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 16:30 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    TDL4: custom:26000022 <===== ATTENTION!
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-31 20:11:10
    Restore point made on: 2012-11-02 18:14:46
    Restore point made on: 2012-11-03 12:27:20
    Restore point made on: 2012-11-03 13:56:29
    Restore point made on: 2012-11-04 14:38:10
    Restore point made on: 2012-11-04 14:39:31
    Restore point made on: 2012-11-04 14:40:00
    Restore point made on: 2012-11-04 14:40:36
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8117.84 MB
    Available physical RAM: 7249.5 MB
    Total Pagefile: 8116.04 MB
    Available Pagefile: 7245.9 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:218.2 GB) (Free:28.81 GB) NTFS
    2 Drive e: (WIN7SP1ULTX64) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
    3 Drive f: (4 GB) (Removable) (Total:3.72 GB) (Free:1.78 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:14.65 GB) (Free:14.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3820 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 218 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3816 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F 4 GB FAT32 Removable 3816 MB Healthy
    =========================================================
    Last Boot: 2012-11-05 20:00
    ==================== End Of Log =============================
  5. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Perform this from safe mode.

    Run rKill first (instructions toward the end).

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  6. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    Again rkill is a no go. It brings up a black dos box but no text just a blinking cursor for around 12-13 seconds. then it closes and looking at processes it seems to not be running. I tried both rkill and iexplore but same result with each.
  7. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    See if Combofix will run.
  8. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    Still not working any way I try
  9. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button [​IMG]
      • In Scan scope leave pre-checked items as they're and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button [​IMG] then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
  10. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    Grrg still not working will not install. It shows in the processes for a few seconds then goes away. Without installing.
  11. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download Kaspersky Rescue Disk 10
    Burn downloaded .iso file to CD. How to: http://www.petri.co.il/how_to_write_iso_files_to_cd.htm

    Boot from Kaspersky Rescue Disk 10. How to boot from CD: http://www.hiren.info/pages/bios-boot-cdrom

    A loading wizard will start (you will see the menu to select the required language). See screenshots here: http://support.kaspersky.com/viruses/rescuedisk/main?qid=208286086
    If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
    Select the required interface language using the arrow-keys on your keyboard.
    Press the Enter key on the keyboard.
    In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
    Click Enter.
    Click 'A' to accept the agreement.
    Select operating system from dropdown menu.
    In Objects Scan tab checkmark:
    • Disk boot sectors
    • Hidden startup objects
    • C:
    Click My Update Center tab and update if any available
    Go back to other tab and click Start Object Scan.
    NOTE. Be patient. It will take a while.

    When scan has completed save a report:
    • On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
    • On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
    • On the upper right hand corner of the Detailed report window, click on the Save button.
    • After clicking Detailed Report and 'SAVE', a browse window opens.
    • Double-click on the \
    • Click 'Disks'.
    • All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
    • Click on the Save button.
    • The report has been saved to the file.
    Remove the disk from the drive (or disconnect USB) and reboot normally.

    Post the content of the file for my review.
     
  12. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    OK I ran the KasperskyRescue disk and it found pihar.c and attempted to repair it. Now the computer errors when trying to reboot. Following is the Kaspersky report and the next post is the FARBAR scan in hoping that helps you.

    Objects Scan: completed 1 minute ago (events: 940, objects: 2054147, time: 08:53:20)
    11/7/12 8:44 AM Task completed
    11/6/12 11:50 PM Task started
    11/7/12 2:32 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
    11/6/12 11:51 PM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
    11/7/12 8:44 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
    11/7/12 8:44 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
    11/6/12 11:51 PM Detected: Rootkit.Boot.Pihar.c /dev/sda
    11/7/12 2:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/.DS_Store Read error
    11/7/12 12:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/.DS_Store Read error
    11/7/12 12:10 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/.DS_Store Read error
    11/7/12 2:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/Graphics/Black BG.pdf Read error
    11/7/12 12:22 AM Processing error /mnt/MountedDevices/PD-3C367962-00000003AC000000/Users/Administrator/Documents/101/Sure Target 2/Graphics/Black BG.pdf Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
    11/7/12 12:45 AM Processing error C:/ProgramData/Microsoft: Read error
  13. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 8 days old)
    Ran by SYSTEM at 07-11-2012 18:20:48
    Running from F:\stuff
    Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKU\Administrator\...\Run: [AdobeBridge] [x]
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    ==================== Services (Whitelisted) ===================
    4 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-06-08] (Autodesk)
    4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    4 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
    4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-29] (Lavasoft Limited)
    4 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
    4 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
    4 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
    4 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
    2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
    4 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
    2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    4 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
    2 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
    2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [475088 2011-09-09] (Cisco Systems, Inc.)
    ==================== Drivers (Whitelisted) =====================
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-03-24] ()
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
    1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-05 19:07 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-11-05 17:59 - 2012-11-06 19:40 - 00000000 ____D C:\Stuff
    2012-11-04 20:59 - 2012-11-04 21:00 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:54 - 2012-11-04 06:24 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:35 - 2012-11-04 13:34 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:10 - 2012-11-04 13:09 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:03 - 2012-11-04 13:01 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:29 - 2012-11-04 12:56 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 12:02 - 2012-11-04 12:02 - 00000000 ____D C:\FRST
    2012-11-03 13:48 - 2012-11-03 13:48 - 00000000 ____D C:\Windows\pss
    2012-11-03 13:40 - 2012-11-04 13:44 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-11-03 13:40 - 2012-11-03 13:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-11-03 13:39 - 2012-11-03 13:40 - 00000000 ____D C:\d2f0698d88b3cc6c3cb9a2
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-18 18:11 - 2012-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:12 - 00000000 ____D C:\Users\Administrator\Documents\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 17:58 - 2012-10-18 18:09 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-09 16:31 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 16:31 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 16:31 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 16:31 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 16:31 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 16:31 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 16:30 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 16:30 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 16:30 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 16:30 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 16:30 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 16:30 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 16:30 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 16:30 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 16:30 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 16:30 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 16:29 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 08:48 - 2012-10-09 08:48 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1)
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00000000 ____D C:\Users\Administrator\Downloads\ak2loader (5)
    2012-10-08 18:54 - 2012-10-08 18:55 - 00000000 ____D C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip

    ==================== 3 Months Modified Files ==================
    2012-11-07 00:45 - 2012-11-07 00:45 - 00153266 ____A C:\KasperskyRescueDisk10.txt
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-06 20:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-06 20:41 - 2009-07-13 20:51 - 00056132 ____A C:\Windows\setupact.log
    2012-11-06 20:40 - 2012-03-24 16:44 - 00022369 ____A C:\aaw7boot.log
    2012-11-06 20:03 - 2011-02-08 08:38 - 02012347 ____A C:\Windows\WindowsUpdate.log
    2012-11-06 19:48 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-06 19:48 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-06 19:43 - 2009-07-13 21:13 - 00877772 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-04 21:00 - 2012-11-04 20:59 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:44 - 2012-11-03 13:40 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:34 - 2012-11-04 13:35 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:09 - 2012-11-04 13:10 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:01 - 2012-11-04 13:03 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:56 - 2012-11-04 12:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 06:24 - 2012-11-04 13:54 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-03 13:42 - 2011-02-08 11:01 - 00209208 ____A C:\Windows\PFRO.log
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-31 18:31 - 2011-02-08 10:25 - 00093064 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-31 17:29 - 2009-07-13 20:45 - 04931480 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 18:09 - 2012-10-18 17:58 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-10 23:04 - 2011-02-08 12:59 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip
    2012-09-14 13:41 - 2012-03-24 07:00 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-14 11:19 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-04 20:07 - 2012-09-04 20:07 - 00000755 ____A C:\Users\Administrator\Documents\appleuids.txt
    2012-09-04 20:07 - 2012-09-04 20:05 - 93221790 ____A C:\Users\Administrator\Downloads\Rxdzz.txt
    2012-09-04 19:30 - 2012-09-04 19:30 - 00010828 ____A C:\Users\Administrator\Documents\NFL.xlsx
    2012-08-31 10:19 - 2012-10-09 16:30 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 18:03 - 2012-08-30 18:03 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-30 10:03 - 2012-10-09 16:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 10:05 - 2012-10-09 16:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 16:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-10-02 04:56 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-10-02 04:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-10-02 04:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-10-02 04:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-10-02 04:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-10-02 04:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-10-02 04:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-10-02 04:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-10-02 04:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-10-02 04:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-10-02 04:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-10-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-10-02 04:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-10-02 04:56 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-10-02 04:56 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-10-02 04:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-10-02 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-10-02 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-10-02 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-10-02 04:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-10-02 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 04:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-27 12:38 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-09 16:31 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 16:31 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 16:31 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 16:31 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 16:31 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 16:31 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 16:56 - 2012-10-09 16:30 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 16:30 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    TDL4: custom:26000022 <===== ATTENTION!
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-31 20:11:10
    Restore point made on: 2012-11-02 18:14:46
    Restore point made on: 2012-11-03 12:27:20
    Restore point made on: 2012-11-03 13:56:29
    Restore point made on: 2012-11-04 14:38:10
    Restore point made on: 2012-11-04 14:39:31
    Restore point made on: 2012-11-04 14:40:00
    Restore point made on: 2012-11-04 14:40:36
    Restore point made on: 2012-11-06 19:52:26
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8117.84 MB
    Available physical RAM: 7241.79 MB
    Total Pagefile: 8116.04 MB
    Available Pagefile: 7238.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:218.2 GB) (Free:28.46 GB) NTFS
    2 Drive e: (WIN7SP1ULTX64) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
    3 Drive f: (4 GB) (Removable) (Total:3.72 GB) (Free:1.64 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:14.65 GB) (Free:14.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3820 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 218 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3816 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F 4 GB FAT32 Removable 3816 MB Healthy
    =========================================================
    Last Boot: 2012-11-05 20:00
    ==================== End Of Log =============================
  14. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    See if you can boot normally.

    Attached Files:

  15. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    OK yes it booted normally and exe's seem to work

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-07 21:08:46 Run:3
    Running from F:\stuff
    ==============================================
    C:\Windows\svchost.exe moved successfully.
    The operation completed successfully.
    The operation completed successfully.
    ==== End of Fixlog ====
  16. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Perfect!

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  17. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    21:55:24.0619 3032 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    21:55:26.0620 3032 ============================================================

    21:55:26.0620 3032 Current date / time: 2012/11/07 21:55:26.0620

    21:55:26.0620 3032 SystemInfo:

    21:55:26.0620 3032

    21:55:26.0621 3032 OS Version: 6.1.7601 ServicePack: 1.0

    21:55:26.0621 3032 Product type: Workstation

    21:55:26.0621 3032 ComputerName: FASTE6410

    21:55:26.0621 3032 UserName: Administrator

    21:55:26.0621 3032 Windows directory: C:\Windows

    21:55:26.0621 3032 System windows directory: C:\Windows

    21:55:26.0621 3032 Running under WOW64

    21:55:26.0621 3032 Processor architecture: Intel x64

    21:55:26.0621 3032 Number of processors: 4

    21:55:26.0621 3032 Page size: 0x1000

    21:55:26.0621 3032 Boot type: Normal boot

    21:55:26.0621 3032 ============================================================

    21:55:27.0875 3032 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    21:55:27.0879 3032 Drive \Device\Harddisk1\DR1 - Size: 0xF333600 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    21:55:27.0881 3032 Drive \Device\Harddisk2\DR2 - Size: 0xEEC00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    21:55:27.0884 3032 ============================================================

    21:55:27.0884 3032 \Device\Harddisk0\DR0:

    21:55:27.0884 3032 MBR partitions:

    21:55:27.0884 3032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

    21:55:27.0884 3032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170

    21:55:27.0884 3032 \Device\Harddisk1\DR1:

    21:55:27.0884 3032 MBR partitions:

    21:55:27.0884 3032 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x65, BlocksNum 0x7999B

    21:55:27.0884 3032 \Device\Harddisk2\DR2:

    21:55:27.0885 3032 MBR partitions:

    21:55:27.0885 3032 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x774080

    21:55:27.0885 3032 ============================================================

    21:55:27.0908 3032 C: <-> \Device\Harddisk0\DR0\Partition2

    21:55:27.0908 3032 ============================================================

    21:55:27.0908 3032 Initialize success

    21:55:27.0908 3032 ============================================================

    21:55:56.0922 0268 ============================================================

    21:55:56.0922 0268 Scan started

    21:55:56.0922 0268 Mode: Manual;

    21:55:56.0922 0268 ============================================================

    21:55:57.0749 0268 ================ Scan system memory ========================

    21:55:57.0749 0268 System memory - ok

    21:55:57.0749 0268 ================ Scan services =============================

    21:55:57.0936 0268 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    21:55:57.0952 0268 1394ohci - ok

    21:55:58.0030 0268 [ 627371B2D48F64CECC4D019114FB140D ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys

    21:55:58.0030 0268 Acceler - ok

    21:55:58.0092 0268 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    21:55:58.0092 0268 ACPI - ok

    21:55:58.0108 0268 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    21:55:58.0108 0268 AcpiPmi - ok

    21:55:58.0186 0268 [ E42F90B27BDDDD611FA7040AFD256FDA ] acsock C:\Windows\system32\DRIVERS\acsock64.sys

    21:55:58.0201 0268 acsock - ok

    21:55:58.0233 0268 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    21:55:58.0248 0268 adp94xx - ok

    21:55:58.0279 0268 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    21:55:58.0279 0268 adpahci - ok

    21:55:58.0311 0268 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    21:55:58.0311 0268 adpu320 - ok

    21:55:58.0342 0268 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    21:55:58.0342 0268 AeLookupSvc - ok

    21:55:58.0404 0268 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

    21:55:58.0420 0268 AFD - ok

    21:55:58.0467 0268 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    21:55:58.0482 0268 agp440 - ok

    21:55:58.0498 0268 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    21:55:58.0498 0268 ALG - ok

    21:55:58.0513 0268 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    21:55:58.0513 0268 aliide - ok

    21:55:58.0529 0268 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    21:55:58.0529 0268 amdide - ok

    21:55:58.0545 0268 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    21:55:58.0545 0268 AmdK8 - ok

    21:55:58.0560 0268 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    21:55:58.0560 0268 AmdPPM - ok

    21:55:58.0607 0268 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

    21:55:58.0623 0268 amdsata - ok

    21:55:58.0638 0268 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    21:55:58.0638 0268 amdsbs - ok

    21:55:58.0654 0268 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    21:55:58.0654 0268 amdxata - ok

    21:55:58.0732 0268 [ 8655A2983A86D6675135B1FF6892055D ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

    21:55:58.0732 0268 ApfiltrService - ok

    21:55:58.0810 0268 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    21:55:58.0810 0268 AppID - ok

    21:55:58.0825 0268 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    21:55:58.0825 0268 AppIDSvc - ok

    21:55:58.0903 0268 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    21:55:58.0903 0268 Appinfo - ok

    21:55:59.0075 0268 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    21:55:59.0075 0268 Apple Mobile Device - ok

    21:55:59.0137 0268 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

    21:55:59.0153 0268 AppMgmt - ok

    21:55:59.0215 0268 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

    21:55:59.0231 0268 arc - ok

    21:55:59.0278 0268 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    21:55:59.0278 0268 arcsas - ok

    21:55:59.0434 0268 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    21:55:59.0434 0268 aspnet_state - ok

    21:55:59.0496 0268 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    21:55:59.0496 0268 AsyncMac - ok

    21:55:59.0559 0268 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    21:55:59.0559 0268 atapi - ok

    21:55:59.0637 0268 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    21:55:59.0637 0268 AudioEndpointBuilder - ok

    21:55:59.0668 0268 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    21:55:59.0668 0268 AudioSrv - ok

    21:55:59.0777 0268 [ EAD65493EDBA0EBEA2192D46B938298E ] Autodesk Licensing Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    21:55:59.0777 0268 Autodesk Licensing Service - ok

    21:55:59.0964 0268 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    21:55:59.0995 0268 AVGIDSAgent - ok

    21:56:00.0042 0268 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys

    21:56:00.0042 0268 AVGIDSDriver - ok

    21:56:00.0073 0268 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys

    21:56:00.0073 0268 AVGIDSFilter - ok

    21:56:00.0136 0268 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys

    21:56:00.0136 0268 AVGIDSHA - ok

    21:56:00.0151 0268 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys

    21:56:00.0167 0268 Avgldx64 - ok

    21:56:00.0183 0268 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys

    21:56:00.0183 0268 Avgmfx64 - ok

    21:56:00.0229 0268 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys

    21:56:00.0229 0268 Avgrkx64 - ok

    21:56:00.0261 0268 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys

    21:56:00.0261 0268 Avgtdia - ok

    21:56:00.0292 0268 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    21:56:00.0292 0268 avgwd - ok

    21:56:00.0370 0268 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    21:56:00.0370 0268 AxInstSV - ok

    21:56:00.0448 0268 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    21:56:00.0463 0268 b06bdrv - ok

    21:56:00.0541 0268 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    21:56:00.0541 0268 b57nd60a - ok

    21:56:00.0619 0268 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys

    21:56:00.0619 0268 BCM42RLY - ok

    21:56:00.0729 0268 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

    21:56:00.0744 0268 BCM43XX - ok

    21:56:00.0853 0268 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    21:56:00.0869 0268 BDESVC - ok

    21:56:00.0869 0268 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    21:56:00.0885 0268 Beep - ok

    21:56:00.0947 0268 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

    21:56:00.0963 0268 BFE - ok

    21:56:00.0994 0268 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

    21:56:00.0994 0268 BITS - ok

    21:56:01.0041 0268 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    21:56:01.0056 0268 blbdrive - ok

    21:56:01.0181 0268 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    21:56:01.0181 0268 Bonjour Service - ok

    21:56:01.0228 0268 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    21:56:01.0228 0268 bowser - ok

    21:56:01.0243 0268 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    21:56:01.0243 0268 BrFiltLo - ok

    21:56:01.0259 0268 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    21:56:01.0259 0268 BrFiltUp - ok

    21:56:01.0306 0268 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

    21:56:01.0306 0268 Browser - ok

    21:56:01.0321 0268 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

    21:56:01.0337 0268 Brserid - ok

    21:56:01.0353 0268 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    21:56:01.0353 0268 BrSerWdm - ok

    21:56:01.0368 0268 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    21:56:01.0368 0268 BrUsbMdm - ok

    21:56:01.0384 0268 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    21:56:01.0384 0268 BrUsbSer - ok

    21:56:01.0399 0268 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    21:56:01.0399 0268 BTHMODEM - ok

    21:56:01.0462 0268 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    21:56:01.0477 0268 bthserv - ok

    21:56:01.0493 0268 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    21:56:01.0493 0268 cdfs - ok

    21:56:01.0555 0268 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    21:56:01.0555 0268 cdrom - ok

    21:56:01.0633 0268 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    21:56:01.0633 0268 CertPropSvc - ok

    21:56:01.0649 0268 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

    21:56:01.0649 0268 circlass - ok

    21:56:01.0665 0268 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    21:56:01.0680 0268 CLFS - ok

    21:56:01.0727 0268 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    21:56:01.0727 0268 clr_optimization_v2.0.50727_32 - ok

    21:56:01.0758 0268 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    21:56:01.0758 0268 clr_optimization_v2.0.50727_64 - ok

    21:56:01.0852 0268 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    21:56:01.0852 0268 clr_optimization_v4.0.30319_32 - ok

    21:56:01.0867 0268 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    21:56:01.0867 0268 clr_optimization_v4.0.30319_64 - ok

    21:56:01.0930 0268 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    21:56:01.0945 0268 CmBatt - ok

    21:56:01.0977 0268 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

    21:56:01.0977 0268 cmdide - ok

    21:56:02.0023 0268 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

    21:56:02.0039 0268 CNG - ok

    21:56:02.0086 0268 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    21:56:02.0086 0268 Compbatt - ok

    21:56:02.0101 0268 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    21:56:02.0101 0268 CompositeBus - ok

    21:56:02.0117 0268 COMSysApp - ok

    21:56:02.0133 0268 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

    21:56:02.0133 0268 crcdisk - ok

    21:56:02.0226 0268 [ 95669E82007DBD7BC3A7093252905612 ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

    21:56:02.0226 0268 Credential Vault Host Control Service - ok

    21:56:02.0289 0268 [ 33BD6D2F7F3906E07913BE4D05E6ABFD ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

    21:56:02.0304 0268 Credential Vault Host Storage - ok

    21:56:02.0351 0268 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

    21:56:02.0351 0268 CryptSvc - ok

    21:56:02.0398 0268 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

    21:56:02.0413 0268 CSC - ok

    21:56:02.0445 0268 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

    21:56:02.0445 0268 CscService - ok

    21:56:02.0460 0268 [ A84CAAE89B487931200B969D94018AFA ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys

    21:56:02.0460 0268 cvusbdrv - ok

    21:56:02.0491 0268 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

    21:56:02.0491 0268 DcomLaunch - ok

    21:56:02.0523 0268 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

    21:56:02.0538 0268 defragsvc - ok

    21:56:02.0569 0268 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    21:56:02.0569 0268 DfsC - ok

    21:56:02.0632 0268 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

    21:56:02.0647 0268 Dhcp - ok

    21:56:02.0663 0268 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

    21:56:02.0663 0268 discache - ok

    21:56:02.0741 0268 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

    21:56:02.0741 0268 Disk - ok

    21:56:02.0803 0268 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    21:56:02.0819 0268 Dnscache - ok

    21:56:02.0850 0268 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

    21:56:02.0866 0268 dot3svc - ok

    21:56:02.0897 0268 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

    21:56:02.0897 0268 DPS - ok

    21:56:02.0975 0268 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    21:56:02.0975 0268 drmkaud - ok

    21:56:03.0053 0268 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    21:56:03.0069 0268 DXGKrnl - ok

    21:56:03.0131 0268 [ 60C5B36E07BE8B3AF3911C3D10303CFE ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys

    21:56:03.0131 0268 e1kexpress - ok

    21:56:03.0162 0268 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

    21:56:03.0162 0268 EapHost - ok

    21:56:03.0240 0268 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    21:56:03.0334 0268 ebdrv - ok

    21:56:03.0365 0268 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

    21:56:03.0365 0268 EFS - ok

    21:56:03.0396 0268 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    21:56:03.0427 0268 ehRecvr - ok

    21:56:03.0443 0268 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    21:56:03.0443 0268 ehSched - ok

    21:56:03.0505 0268 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    21:56:03.0521 0268 elxstor - ok

    21:56:03.0552 0268 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    21:56:03.0552 0268 ErrDev - ok

    21:56:03.0615 0268 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    21:56:03.0630 0268 EventSystem - ok

    21:56:03.0677 0268 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    21:56:03.0693 0268 exfat - ok

    21:56:03.0708 0268 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    21:56:03.0708 0268 fastfat - ok

    21:56:03.0786 0268 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    21:56:03.0802 0268 Fax - ok

    21:56:03.0864 0268 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    21:56:03.0864 0268 fdc - ok

    21:56:03.0911 0268 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    21:56:03.0911 0268 fdPHost - ok

    21:56:03.0927 0268 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    21:56:03.0927 0268 FDResPub - ok

    21:56:03.0942 0268 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    21:56:03.0942 0268 FileInfo - ok

    21:56:03.0958 0268 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    21:56:03.0958 0268 Filetrace - ok

    21:56:04.0005 0268 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    21:56:04.0020 0268 flpydisk - ok

    21:56:04.0067 0268 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    21:56:04.0067 0268 FltMgr - ok

    21:56:04.0129 0268 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

    21:56:04.0145 0268 FontCache - ok

    21:56:04.0207 0268 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    21:56:04.0207 0268 FontCache3.0.0.0 - ok

    21:56:04.0223 0268 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    21:56:04.0223 0268 FsDepends - ok

    21:56:04.0254 0268 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    21:56:04.0254 0268 Fs_Rec - ok

    21:56:04.0285 0268 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    21:56:04.0285 0268 fvevol - ok

    21:56:04.0301 0268 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    21:56:04.0317 0268 gagp30kx - ok

    21:56:04.0348 0268 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    21:56:04.0348 0268 GEARAspiWDM - ok

    21:56:04.0395 0268 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

    21:56:04.0410 0268 gpsvc - ok

    21:56:04.0426 0268 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    21:56:04.0441 0268 hcw85cir - ok

    21:56:04.0504 0268 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    21:56:04.0519 0268 HdAudAddService - ok

    21:56:04.0566 0268 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    21:56:04.0566 0268 HDAudBus - ok

    21:56:04.0597 0268 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    21:56:04.0597 0268 HidBatt - ok

    21:56:04.0629 0268 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    21:56:04.0629 0268 HidBth - ok

    21:56:04.0644 0268 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

    21:56:04.0644 0268 HidIr - ok

    21:56:04.0675 0268 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

    21:56:04.0675 0268 hidserv - ok

    21:56:04.0675 0268 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    21:56:04.0691 0268 HidUsb - ok

    21:56:04.0722 0268 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    21:56:04.0738 0268 hkmsvc - ok

    21:56:04.0769 0268 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    21:56:04.0785 0268 HomeGroupListener - ok

    21:56:04.0800 0268 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    21:56:04.0800 0268 HomeGroupProvider - ok

    21:56:04.0831 0268 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    21:56:04.0831 0268 HpSAMD - ok

    21:56:04.0878 0268 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    21:56:04.0894 0268 HTTP - ok

    21:56:04.0925 0268 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    21:56:04.0925 0268 hwpolicy - ok

    21:56:04.0987 0268 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

    21:56:04.0987 0268 i8042prt - ok

    21:56:05.0081 0268 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    21:56:05.0081 0268 iaStorV - ok

    21:56:05.0128 0268 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    21:56:05.0143 0268 idsvc - ok

    21:56:05.0409 0268 [ 31569A2E836C12014148BF7342716946 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

    21:56:05.0643 0268 igfx - ok

    21:56:05.0705 0268 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

    21:56:05.0705 0268 iirsp - ok

    21:56:05.0752 0268 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

    21:56:05.0752 0268 IKEEXT - ok

    21:56:05.0830 0268 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

    21:56:05.0845 0268 Impcd - ok

    21:56:05.0892 0268 [ A4A87C2F228DD2AC93DAE94E103792D3 ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

    21:56:05.0908 0268 InstallFilterService - ok

    21:56:05.0923 0268 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

    21:56:05.0923 0268 IntcDAud - ok

    21:56:05.0939 0268 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

    21:56:05.0939 0268 intelide - ok

    21:56:06.0001 0268 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    21:56:06.0001 0268 intelppm - ok

    21:56:06.0111 0268 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    21:56:06.0111 0268 IntuitUpdateService - ok

    21:56:06.0189 0268 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    21:56:06.0189 0268 IPBusEnum - ok

    21:56:06.0235 0268 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    21:56:06.0235 0268 IpFilterDriver - ok

    21:56:06.0298 0268 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

    21:56:06.0298 0268 iphlpsvc - ok

    21:56:06.0345 0268 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    21:56:06.0345 0268 IPMIDRV - ok

    21:56:06.0360 0268 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    21:56:06.0360 0268 IPNAT - ok

    21:56:06.0423 0268 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

    21:56:06.0438 0268 iPod Service - ok

    21:56:06.0501 0268 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

    21:56:06.0501 0268 IRENUM - ok

    21:56:06.0516 0268 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    21:56:06.0516 0268 isapnp - ok

    21:56:06.0547 0268 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    21:56:06.0563 0268 iScsiPrt - ok

    21:56:06.0563 0268 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

    21:56:06.0563 0268 kbdclass - ok

    21:56:06.0594 0268 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

    21:56:06.0594 0268 kbdhid - ok

    21:56:06.0657 0268 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

    21:56:06.0657 0268 KeyIso - ok

    21:56:06.0703 0268 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    21:56:06.0719 0268 KSecDD - ok

    21:56:06.0735 0268 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    21:56:06.0735 0268 KSecPkg - ok

    21:56:06.0750 0268 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    21:56:06.0750 0268 ksthunk - ok

    21:56:06.0766 0268 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

    21:56:06.0781 0268 KtmRm - ok

    21:56:06.0844 0268 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

    21:56:06.0859 0268 LanmanServer - ok

    21:56:06.0891 0268 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    21:56:06.0891 0268 LanmanWorkstation - ok

    21:56:07.0047 0268 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

    21:56:07.0062 0268 Lavasoft Ad-Aware Service - ok

    21:56:07.0156 0268 [ 9A7FA6371F68335FD3C3D6488BC5A9F8 ] Lavasoft Kernexplorer C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

    21:56:07.0156 0268 Lavasoft Kernexplorer - ok

    21:56:07.0234 0268 [ C8B3131857931AE76798A741CC52B021 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys

    21:56:07.0234 0268 Lbd - ok

    21:56:07.0312 0268 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    21:56:07.0312 0268 lltdio - ok

    21:56:07.0327 0268 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

    21:56:07.0343 0268 lltdsvc - ok

    21:56:07.0359 0268 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

    21:56:07.0359 0268 lmhosts - ok

    21:56:07.0405 0268 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

    21:56:07.0421 0268 LSI_FC - ok

    21:56:07.0437 0268 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

    21:56:07.0437 0268 LSI_SAS - ok

    21:56:07.0468 0268 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

    21:56:07.0468 0268 LSI_SAS2 - ok

    21:56:07.0483 0268 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

    21:56:07.0483 0268 LSI_SCSI - ok

    21:56:07.0530 0268 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

    21:56:07.0530 0268 luafv - ok

    21:56:07.0608 0268 [ CEC4D9C0A64993F4F82FD77A84B21944 ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

    21:56:07.0608 0268 McAfeeEngineService - ok

    21:56:07.0702 0268 [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

    21:56:07.0702 0268 McAfeeFramework - ok

    21:56:07.0764 0268 [ 911A6416D429EE8A8804D44F2E181A31 ] McShield C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

    21:56:07.0764 0268 McShield - ok

    21:56:07.0811 0268 [ F199668780C3D208930257A7CE655C27 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

    21:56:07.0811 0268 McTaskManager - ok

    21:56:07.0858 0268 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    21:56:07.0858 0268 Mcx2Svc - ok

    21:56:07.0873 0268 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

    21:56:07.0873 0268 megasas - ok

    21:56:07.0889 0268 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

    21:56:07.0905 0268 MegaSR - ok

    21:56:07.0920 0268 [ 12AD015F8C2C109C6A74D25DA94607FE ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

    21:56:07.0920 0268 mfeapfk - ok

    21:56:07.0951 0268 [ DD17753AD5FA52F3BCD3B512934690C4 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

    21:56:07.0951 0268 mfeavfk - ok

    21:56:07.0967 0268 [ 3BA96B0584AD024F03EB9835D45619C2 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

    21:56:07.0967 0268 mfehidk - ok

    21:56:07.0998 0268 [ 158C24A8ED5F2CAB71A86FD775BC1727 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

    21:56:07.0998 0268 mferkdet - ok

    21:56:08.0014 0268 [ 6CFFF53E82808268DD61AB4790A36426 ] mfetdik C:\Windows\system32\drivers\mfetdik.sys

    21:56:08.0014 0268 mfetdik - ok

    21:56:08.0029 0268 [ BE9D3BF69F3958492B56DCE7EA7F5FA9 ] mfevtp C:\Windows\system32\mfevtps.exe

    21:56:08.0029 0268 mfevtp - ok

    21:56:08.0185 0268 [ AA0C4A2C33CE075DF2C272D678734991 ] mi-raysat_3dsMax2009_64 C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe

    21:56:08.0185 0268 mi-raysat_3dsMax2009_64 - ok

    21:56:08.0279 0268 Microsoft SharePoint Workspace Audit Service - ok

    21:56:08.0326 0268 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

    21:56:08.0326 0268 MMCSS - ok

    21:56:08.0341 0268 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

    21:56:08.0341 0268 Modem - ok

    21:56:08.0404 0268 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    21:56:08.0404 0268 monitor - ok

    21:56:08.0466 0268 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    21:56:08.0466 0268 mouclass - ok

  18. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    21:56:08.0497 0268 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    21:56:08.0513 0268 mouhid - ok

    21:56:08.0575 0268 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    21:56:08.0575 0268 mountmgr - ok

    21:56:08.0653 0268 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

    21:56:08.0653 0268 MpFilter - ok

    21:56:08.0700 0268 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

    21:56:08.0716 0268 mpio - ok

    21:56:08.0763 0268 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    21:56:08.0763 0268 mpsdrv - ok

    21:56:08.0841 0268 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

    21:56:08.0841 0268 MpsSvc - ok

    21:56:08.0887 0268 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    21:56:08.0903 0268 MRxDAV - ok

    21:56:08.0950 0268 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    21:56:08.0950 0268 mrxsmb - ok

    21:56:08.0981 0268 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    21:56:08.0997 0268 mrxsmb10 - ok

    21:56:09.0012 0268 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    21:56:09.0012 0268 mrxsmb20 - ok

    21:56:09.0059 0268 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

    21:56:09.0059 0268 msahci - ok

    21:56:09.0075 0268 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    21:56:09.0075 0268 msdsm - ok

    21:56:09.0090 0268 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

    21:56:09.0090 0268 MSDTC - ok

    21:56:09.0246 0268 [ 7D0AC2859EEACCC5BD038B8CDDCAFF62 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

    21:56:09.0246 0268 MsDtsServer100 - ok

    21:56:09.0277 0268 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    21:56:09.0277 0268 Msfs - ok

    21:56:09.0324 0268 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    21:56:09.0324 0268 mshidkmdf - ok

    21:56:09.0340 0268 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    21:56:09.0340 0268 msisadrv - ok

    21:56:09.0371 0268 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    21:56:09.0371 0268 MSiSCSI - ok

    21:56:09.0371 0268 msiserver - ok

    21:56:09.0433 0268 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    21:56:09.0433 0268 MSKSSRV - ok

    21:56:09.0511 0268 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

    21:56:09.0527 0268 MsMpSvc - ok

    21:56:09.0543 0268 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    21:56:09.0543 0268 MSPCLOCK - ok

    21:56:09.0543 0268 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    21:56:09.0558 0268 MSPQM - ok

    21:56:09.0605 0268 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    21:56:09.0605 0268 MsRPC - ok

    21:56:09.0621 0268 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    21:56:09.0621 0268 mssmbios - ok

    21:56:09.0683 0268 MSSQLSERVER - ok

    21:56:09.0761 0268 [ 04EF36EAF5C4DBCE424D81B76F1E9231 ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

    21:56:09.0761 0268 MSSQLServerADHelper100 - ok

    21:56:09.0777 0268 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    21:56:09.0777 0268 MSTEE - ok

    21:56:09.0792 0268 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

    21:56:09.0792 0268 MTConfig - ok

    21:56:09.0808 0268 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

    21:56:09.0808 0268 Mup - ok

    21:56:09.0870 0268 [ 6B477CE78C8BA859F8337892517DC6BC ] NAL C:\Windows\system32\Drivers\iqvw64e.sys

    21:56:09.0886 0268 NAL - ok

    21:56:09.0933 0268 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

    21:56:09.0948 0268 napagent - ok

    21:56:10.0011 0268 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    21:56:10.0011 0268 NativeWifiP - ok

    21:56:10.0104 0268 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

    21:56:10.0104 0268 NDIS - ok

    21:56:10.0135 0268 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    21:56:10.0135 0268 NdisCap - ok

    21:56:10.0182 0268 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    21:56:10.0182 0268 NdisTapi - ok

    21:56:10.0229 0268 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    21:56:10.0229 0268 Ndisuio - ok

    21:56:10.0276 0268 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    21:56:10.0276 0268 NdisWan - ok

    21:56:10.0338 0268 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    21:56:10.0338 0268 NDProxy - ok

    21:56:10.0354 0268 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    21:56:10.0354 0268 NetBIOS - ok

    21:56:10.0385 0268 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    21:56:10.0385 0268 NetBT - ok

    21:56:10.0385 0268 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

    21:56:10.0385 0268 Netlogon - ok

    21:56:10.0432 0268 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

    21:56:10.0432 0268 Netman - ok

    21:56:10.0494 0268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    21:56:10.0494 0268 NetMsmqActivator - ok

    21:56:10.0510 0268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    21:56:10.0510 0268 NetPipeActivator - ok

    21:56:10.0525 0268 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

    21:56:10.0525 0268 netprofm - ok

    21:56:10.0525 0268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    21:56:10.0525 0268 NetTcpActivator - ok

    21:56:10.0541 0268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    21:56:10.0541 0268 NetTcpPortSharing - ok

    21:56:10.0557 0268 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

    21:56:10.0557 0268 nfrd960 - ok

    21:56:10.0697 0268 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    21:56:10.0697 0268 NisDrv - ok

    21:56:10.0759 0268 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

    21:56:10.0759 0268 NisSrv - ok

    21:56:10.0822 0268 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

    21:56:10.0837 0268 NlaSvc - ok

    21:56:10.0915 0268 [ 1675AC45BEFD9CFFADD3E251524A9468 ] NovacomD C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

    21:56:10.0915 0268 NovacomD - ok

    21:56:10.0962 0268 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    21:56:10.0978 0268 Npfs - ok

    21:56:11.0025 0268 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

    21:56:11.0025 0268 nsi - ok

    21:56:11.0040 0268 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    21:56:11.0056 0268 nsiproxy - ok

    21:56:11.0118 0268 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    21:56:11.0134 0268 Ntfs - ok

    21:56:11.0181 0268 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

    21:56:11.0181 0268 Null - ok

    21:56:11.0227 0268 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

    21:56:11.0227 0268 nvraid - ok

    21:56:11.0274 0268 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

    21:56:11.0274 0268 nvstor - ok

    21:56:11.0321 0268 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    21:56:11.0337 0268 nv_agp - ok

    21:56:11.0477 0268 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    21:56:11.0477 0268 odserv - ok

    21:56:11.0493 0268 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    21:56:11.0508 0268 ohci1394 - ok

    21:56:11.0571 0268 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    21:56:11.0586 0268 ose - ok

    21:56:11.0649 0268 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    21:56:11.0649 0268 ose64 - ok

    21:56:11.0820 0268 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    21:56:11.0929 0268 osppsvc - ok

    21:56:11.0961 0268 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

    21:56:11.0961 0268 p2pimsvc - ok

    21:56:11.0992 0268 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

    21:56:12.0007 0268 p2psvc - ok

    21:56:12.0070 0268 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

    21:56:12.0070 0268 Parport - ok

    21:56:12.0117 0268 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

    21:56:12.0117 0268 partmgr - ok

    21:56:12.0179 0268 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys

    21:56:12.0179 0268 PBADRV - ok

    21:56:12.0195 0268 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

    21:56:12.0195 0268 PcaSvc - ok

    21:56:12.0210 0268 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

    21:56:12.0210 0268 pci - ok

    21:56:12.0257 0268 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

    21:56:12.0257 0268 pciide - ok

    21:56:12.0273 0268 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

    21:56:12.0288 0268 pcmcia - ok

    21:56:12.0304 0268 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

    21:56:12.0304 0268 pcw - ok

    21:56:12.0319 0268 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    21:56:12.0335 0268 PEAUTH - ok

    21:56:12.0366 0268 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

    21:56:12.0397 0268 PeerDistSvc - ok

    21:56:12.0491 0268 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

    21:56:12.0491 0268 PerfHost - ok

    21:56:12.0569 0268 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

    21:56:12.0600 0268 pla - ok

    21:56:12.0678 0268 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    21:56:12.0694 0268 PlugPlay - ok

    21:56:12.0694 0268 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    21:56:12.0709 0268 PNRPAutoReg - ok

    21:56:12.0725 0268 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    21:56:12.0725 0268 PNRPsvc - ok

    21:56:12.0787 0268 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

    21:56:12.0803 0268 Point64 - ok

    21:56:12.0881 0268 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    21:56:12.0897 0268 PolicyAgent - ok

    21:56:12.0928 0268 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

    21:56:12.0928 0268 Power - ok

    21:56:12.0990 0268 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    21:56:12.0990 0268 PptpMiniport - ok

    21:56:13.0021 0268 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

    21:56:13.0021 0268 Processor - ok

    21:56:13.0068 0268 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

    21:56:13.0084 0268 ProfSvc - ok

    21:56:13.0084 0268 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

    21:56:13.0084 0268 ProtectedStorage - ok

    21:56:13.0131 0268 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

    21:56:13.0131 0268 Psched - ok

    21:56:13.0177 0268 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

    21:56:13.0255 0268 ql2300 - ok

    21:56:13.0255 0268 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

    21:56:13.0271 0268 ql40xx - ok

    21:56:13.0302 0268 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

    21:56:13.0302 0268 QWAVE - ok

    21:56:13.0318 0268 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    21:56:13.0318 0268 QWAVEdrv - ok

    21:56:13.0333 0268 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    21:56:13.0333 0268 RasAcd - ok

    21:56:13.0349 0268 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    21:56:13.0349 0268 RasAgileVpn - ok

    21:56:13.0365 0268 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

    21:56:13.0380 0268 RasAuto - ok

    21:56:13.0411 0268 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    21:56:13.0411 0268 Rasl2tp - ok

    21:56:13.0458 0268 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

    21:56:13.0474 0268 RasMan - ok

    21:56:13.0489 0268 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    21:56:13.0489 0268 RasPppoe - ok

    21:56:13.0505 0268 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    21:56:13.0505 0268 RasSstp - ok

    21:56:13.0567 0268 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    21:56:13.0567 0268 rdbss - ok

    21:56:13.0567 0268 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

    21:56:13.0583 0268 rdpbus - ok

    21:56:13.0583 0268 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    21:56:13.0583 0268 RDPCDD - ok

    21:56:13.0630 0268 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

    21:56:13.0630 0268 RDPDR - ok

    21:56:13.0677 0268 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    21:56:13.0677 0268 RDPENCDD - ok

    21:56:13.0692 0268 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    21:56:13.0692 0268 RDPREFMP - ok

    21:56:13.0801 0268 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

    21:56:13.0801 0268 RdpVideoMiniport - ok

    21:56:13.0848 0268 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

    21:56:13.0848 0268 RDPWD - ok

    21:56:13.0895 0268 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

    21:56:13.0895 0268 rdyboost - ok

    21:56:13.0926 0268 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

    21:56:13.0926 0268 RemoteAccess - ok

    21:56:13.0942 0268 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

    21:56:13.0957 0268 RemoteRegistry - ok

    21:56:14.0020 0268 [ 91C2AE052652E7ABD88155F11D667ED2 ] risdpcie C:\Windows\system32\DRIVERS\risdpe64.sys

    21:56:14.0020 0268 risdpcie - ok

    21:56:14.0035 0268 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    21:56:14.0035 0268 RpcEptMapper - ok

    21:56:14.0067 0268 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

    21:56:14.0067 0268 RpcLocator - ok

    21:56:14.0113 0268 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

    21:56:14.0129 0268 RpcSs - ok

    21:56:14.0176 0268 [ EB1C539E621A35A49F7692B0EB565AB9 ] RsFx0150 C:\Windows\system32\DRIVERS\RsFx0150.sys

    21:56:14.0176 0268 RsFx0150 - ok

    21:56:14.0191 0268 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    21:56:14.0207 0268 rspndr - ok

    21:56:14.0238 0268 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

    21:56:14.0254 0268 s3cap - ok

    21:56:14.0254 0268 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

    21:56:14.0269 0268 SamSs - ok

    21:56:14.0285 0268 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

    21:56:14.0285 0268 sbp2port - ok

    21:56:14.0347 0268 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

    21:56:14.0347 0268 SCardSvr - ok

    21:56:14.0394 0268 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    21:56:14.0394 0268 scfilter - ok

    21:56:14.0441 0268 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

    21:56:14.0457 0268 Schedule - ok

    21:56:14.0503 0268 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

    21:56:14.0503 0268 SCPolicySvc - ok

    21:56:14.0550 0268 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

    21:56:14.0550 0268 sdbus - ok

    21:56:14.0566 0268 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

    21:56:14.0581 0268 SDRSVC - ok

    21:56:14.0628 0268 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

    21:56:14.0628 0268 secdrv - ok

    21:56:14.0691 0268 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

    21:56:14.0691 0268 seclogon - ok

    21:56:14.0706 0268 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

    21:56:14.0706 0268 SENS - ok

    21:56:14.0722 0268 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

    21:56:14.0722 0268 SensrSvc - ok

    21:56:14.0769 0268 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

    21:56:14.0769 0268 Serenum - ok

    21:56:14.0815 0268 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

    21:56:14.0831 0268 Serial - ok

    21:56:14.0831 0268 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

    21:56:14.0847 0268 sermouse - ok

    21:56:14.0893 0268 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

    21:56:14.0893 0268 SessionEnv - ok

    21:56:14.0909 0268 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    21:56:14.0909 0268 sffdisk - ok

    21:56:14.0925 0268 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    21:56:14.0925 0268 sffp_mmc - ok

    21:56:14.0940 0268 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    21:56:14.0940 0268 sffp_sd - ok

    21:56:14.0956 0268 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

    21:56:14.0956 0268 sfloppy - ok

    21:56:15.0018 0268 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

    21:56:15.0034 0268 SharedAccess - ok

    21:56:15.0049 0268 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    21:56:15.0049 0268 ShellHWDetection - ok

    21:56:15.0096 0268 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

    21:56:15.0096 0268 SiSRaid2 - ok

    21:56:15.0112 0268 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

    21:56:15.0112 0268 SiSRaid4 - ok

    21:56:15.0159 0268 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    21:56:15.0174 0268 Smb - ok

    21:56:15.0237 0268 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    21:56:15.0237 0268 SNMPTRAP - ok

    21:56:15.0252 0268 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

    21:56:15.0252 0268 spldr - ok

    21:56:15.0299 0268 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

    21:56:15.0299 0268 Spooler - ok

    21:56:15.0393 0268 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

    21:56:15.0471 0268 sppsvc - ok

    21:56:15.0486 0268 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    21:56:15.0486 0268 sppuinotify - ok

    21:56:15.0595 0268 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    21:56:15.0595 0268 SQLBrowser - ok

    21:56:15.0673 0268 [ 70F05E8ECE922C20E785A46224E12183 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE

    21:56:15.0673 0268 SQLSERVERAGENT - ok

    21:56:15.0751 0268 [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    21:56:15.0751 0268 SQLWriter - ok

    21:56:15.0798 0268 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

    21:56:15.0798 0268 srv - ok

    21:56:15.0814 0268 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    21:56:15.0814 0268 srv2 - ok

    21:56:15.0845 0268 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    21:56:15.0845 0268 srvnet - ok

    21:56:15.0892 0268 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    21:56:15.0892 0268 SSDPSRV - ok

    21:56:15.0907 0268 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

    21:56:15.0907 0268 SstpSvc - ok

    21:56:15.0954 0268 [ C568FDB21CE77A44FD166F28F104AC46 ] stdflt C:\Windows\system32\DRIVERS\stdfltn.sys

    21:56:15.0954 0268 stdflt - ok

    21:56:15.0985 0268 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

    21:56:15.0985 0268 stexstor - ok

    21:56:16.0032 0268 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

    21:56:16.0032 0268 stisvc - ok

    21:56:16.0079 0268 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

    21:56:16.0079 0268 storflt - ok

    21:56:16.0095 0268 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

    21:56:16.0095 0268 StorSvc - ok

    21:56:16.0110 0268 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

    21:56:16.0110 0268 storvsc - ok

    21:56:16.0141 0268 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

    21:56:16.0141 0268 swenum - ok

    21:56:16.0251 0268 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    21:56:16.0266 0268 SwitchBoard - ok

    21:56:16.0297 0268 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

    21:56:16.0313 0268 swprv - ok

    21:56:16.0344 0268 Synth3dVsc - ok

    21:56:16.0422 0268 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

    21:56:16.0438 0268 SysMain - ok

    21:56:16.0469 0268 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

    21:56:16.0485 0268 TabletInputService - ok

    21:56:16.0500 0268 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

    21:56:16.0500 0268 TapiSrv - ok

    21:56:16.0516 0268 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

    21:56:16.0516 0268 TBS - ok

    21:56:16.0609 0268 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    21:56:16.0641 0268 Tcpip - ok

    21:56:16.0734 0268 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    21:56:16.0750 0268 TCPIP6 - ok

    21:56:16.0781 0268 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    21:56:16.0797 0268 tcpipreg - ok

    21:56:16.0812 0268 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    21:56:16.0828 0268 TDPIPE - ok

    21:56:16.0859 0268 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    21:56:16.0859 0268 TDTCP - ok

    21:56:16.0906 0268 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    21:56:16.0906 0268 tdx - ok

    21:56:16.0953 0268 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

    21:56:16.0953 0268 TermDD - ok

    21:56:16.0984 0268 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

    21:56:16.0984 0268 TermService - ok

    21:56:16.0999 0268 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

    21:56:16.0999 0268 Themes - ok

    21:56:17.0015 0268 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

    21:56:17.0015 0268 THREADORDER - ok

    21:56:17.0031 0268 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

    21:56:17.0031 0268 TrkWks - ok

    21:56:17.0109 0268 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    21:56:17.0109 0268 TrustedInstaller - ok

    21:56:17.0140 0268 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    21:56:17.0140 0268 tssecsrv - ok

    21:56:17.0187 0268 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    21:56:17.0187 0268 TsUsbFlt - ok

    21:56:17.0187 0268 tsusbhub - ok

    21:56:17.0265 0268 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    21:56:17.0280 0268 tunnel - ok

    21:56:17.0296 0268 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

    21:56:17.0296 0268 uagp35 - ok

    21:56:17.0343 0268 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    21:56:17.0343 0268 udfs - ok

    21:56:17.0374 0268 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

    21:56:17.0374 0268 UI0Detect - ok

    21:56:17.0389 0268 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    21:56:17.0389 0268 uliagpkx - ok

    21:56:17.0467 0268 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

    21:56:17.0467 0268 umbus - ok

    21:56:17.0483 0268 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

    21:56:17.0483 0268 UmPass - ok

    21:56:17.0514 0268 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

    21:56:17.0530 0268 UmRdpService - ok

    21:56:17.0545 0268 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

    21:56:17.0545 0268 upnphost - ok

    21:56:17.0608 0268 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    21:56:17.0623 0268 USBAAPL64 - ok

    21:56:17.0655 0268 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    21:56:17.0655 0268 usbccgp - ok

    21:56:17.0701 0268 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

    21:56:17.0701 0268 usbcir - ok

    21:56:17.0733 0268 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

    21:56:17.0733 0268 usbehci - ok

    21:56:17.0748 0268 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    21:56:17.0764 0268 usbhub - ok

    21:56:17.0779 0268 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

    21:56:17.0779 0268 usbohci - ok

    21:56:17.0842 0268 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    21:56:17.0842 0268 usbprint - ok

    21:56:17.0889 0268 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

    21:56:17.0904 0268 usbscan - ok

    21:56:17.0935 0268 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    21:56:17.0935 0268 USBSTOR - ok

    21:56:17.0967 0268 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

    21:56:17.0967 0268 usbuhci - ok

    21:56:17.0982 0268 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

    21:56:17.0982 0268 UxSms - ok

    21:56:17.0998 0268 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

    21:56:17.0998 0268 VaultSvc - ok

    21:56:18.0045 0268 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    21:56:18.0045 0268 vdrvroot - ok

    21:56:18.0091 0268 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

    21:56:18.0123 0268 vds - ok

    21:56:18.0169 0268 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    21:56:18.0169 0268 vga - ok

    21:56:18.0185 0268 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

    21:56:18.0201 0268 VgaSave - ok

    21:56:18.0216 0268 VGPU - ok

    21:56:18.0263 0268 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

    21:56:18.0263 0268 vhdmp - ok

    21:56:18.0279 0268 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

    21:56:18.0279 0268 viaide - ok

    21:56:18.0294 0268 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

    21:56:18.0294 0268 vmbus - ok

    21:56:18.0325 0268 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

    21:56:18.0325 0268 VMBusHID - ok

    21:56:18.0341 0268 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

    21:56:18.0341 0268 volmgr - ok

    21:56:18.0372 0268 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    21:56:18.0388 0268 volmgrx - ok

    21:56:18.0403 0268 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

    21:56:18.0403 0268 volsnap - ok

    21:56:18.0528 0268 [ F937E203D6F18FAD36B68D92DF02775D ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

    21:56:18.0544 0268 vpnagent - ok

    21:56:18.0575 0268 [ 845DAE50510383B7F6ACA73CE2099048 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys

    21:56:18.0575 0268 vpnva - ok

    21:56:18.0637 0268 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    21:56:18.0653 0268 vsmraid - ok

    21:56:18.0715 0268 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

    21:56:18.0778 0268 VSS - ok

    21:56:18.0793 0268 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

    21:56:18.0793 0268 vwifibus - ok

    21:56:18.0809 0268 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

    21:56:18.0809 0268 vwififlt - ok

    21:56:18.0856 0268 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

    21:56:18.0856 0268 vwifimp - ok

    21:56:18.0918 0268 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

    21:56:18.0934 0268 W32Time - ok

    21:56:18.0949 0268 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    21:56:18.0965 0268 WacomPen - ok

    21:56:19.0027 0268 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    21:56:19.0027 0268 WANARP - ok

    21:56:19.0043 0268 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    21:56:19.0043 0268 Wanarpv6 - ok

    21:56:19.0105 0268 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    21:56:19.0137 0268 WatAdminSvc - ok

    21:56:19.0199 0268 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

    21:56:19.0230 0268 wbengine - ok

    21:56:19.0246 0268 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    21:56:19.0261 0268 WbioSrvc - ok

    21:56:19.0308 0268 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

    21:56:19.0324 0268 wcncsvc - ok

    21:56:19.0324 0268 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    21:56:19.0339 0268 WcsPlugInService - ok

    21:56:19.0355 0268 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

    21:56:19.0355 0268 Wd - ok

    21:56:19.0386 0268 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    21:56:19.0386 0268 Wdf01000 - ok

    21:56:19.0449 0268 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

    21:56:19.0449 0268 WdiServiceHost - ok

    21:56:19.0449 0268 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

    21:56:19.0449 0268 WdiSystemHost - ok

    21:56:19.0495 0268 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

    21:56:19.0511 0268 WebClient - ok

    21:56:19.0527 0268 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

    21:56:19.0527 0268 Wecsvc - ok

    21:56:19.0542 0268 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    21:56:19.0542 0268 wercplsupport - ok

    21:56:19.0573 0268 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

    21:56:19.0573 0268 WerSvc - ok

    21:56:19.0605 0268 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    21:56:19.0620 0268 WfpLwf - ok

    21:56:19.0636 0268 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    21:56:19.0636 0268 WIMMount - ok

    21:56:19.0651 0268 WinDefend - ok

    21:56:19.0667 0268 WinHttpAutoProxySvc - ok

    21:56:19.0714 0268 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    21:56:19.0714 0268 Winmgmt - ok

    21:56:19.0792 0268 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

    21:56:19.0823 0268 WinRM - ok

    21:56:19.0901 0268 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

    21:56:19.0901 0268 WinUsb - ok

    21:56:19.0932 0268 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

    21:56:19.0948 0268 Wlansvc - ok

    21:56:20.0026 0268 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

    21:56:20.0026 0268 wltrysvc - ok

    21:56:20.0041 0268 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    21:56:20.0041 0268 WmiAcpi - ok

    21:56:20.0057 0268 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    21:56:20.0057 0268 wmiApSrv - ok

    21:56:20.0073 0268 WMPNetworkSvc - ok

    21:56:20.0135 0268 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

    21:56:20.0135 0268 WPCSvc - ok

    21:56:20.0166 0268 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    21:56:20.0182 0268 WPDBusEnum - ok

    21:56:20.0197 0268 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    21:56:20.0197 0268 ws2ifsl - ok

    21:56:20.0229 0268 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

    21:56:20.0229 0268 wscsvc - ok

    21:56:20.0229 0268 WSearch - ok

    21:56:20.0322 0268 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

    21:56:20.0338 0268 wuauserv - ok

    21:56:20.0385 0268 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    21:56:20.0385 0268 WudfPf - ok

    21:56:20.0400 0268 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    21:56:20.0400 0268 WUDFRd - ok

    21:56:20.0447 0268 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    21:56:20.0447 0268 wudfsvc - ok

    21:56:20.0463 0268 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    21:56:20.0463 0268 WwanSvc - ok

    21:56:20.0494 0268 ================ Scan global ===============================

    21:56:20.0541 0268 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    21:56:20.0587 0268 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    21:56:20.0603 0268 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    21:56:20.0619 0268 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    21:56:20.0634 0268 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    21:56:20.0650 0268 [Global] - ok

    21:56:20.0650 0268 ================ Scan MBR ==================================

    21:56:20.0665 0268 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    21:56:20.0977 0268 \Device\Harddisk0\DR0 - ok

    21:56:20.0993 0268 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

    21:56:20.0993 0268 \Device\Harddisk1\DR1 - ok

    21:56:21.0009 0268 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2

    21:56:21.0009 0268 \Device\Harddisk2\DR2 - ok

    21:56:21.0009 0268 ================ Scan VBR ==================================

    21:56:21.0024 0268 [ 880020D6E640E7C13AEAC39B3AE400EC ] \Device\Harddisk0\DR0\Partition1

    21:56:21.0024 0268 \Device\Harddisk0\DR0\Partition1 - ok

    21:56:21.0040 0268 [ 0CCCBACC61BC3F8A729D1366FDACDE71 ] \Device\Harddisk0\DR0\Partition2

    21:56:21.0040 0268 \Device\Harddisk0\DR0\Partition2 - ok

    21:56:21.0040 0268 [ E8E61151846DC99834D16F8556041D35 ] \Device\Harddisk1\DR1\Partition1

    21:56:21.0040 0268 \Device\Harddisk1\DR1\Partition1 - ok

    21:56:21.0040 0268 [ 4570D4315B50E6129D3B6262E522681E ] \Device\Harddisk2\DR2\Partition1

    21:56:21.0055 0268 \Device\Harddisk2\DR2\Partition1 - ok

    21:56:21.0055 0268 ============================================================

    21:56:21.0055 0268 Scan finished

    21:56:21.0055 0268 ============================================================

    21:56:21.0055 3784 Detected object count: 0

    21:56:21.0055 3784 Actual detected object count: 0
  19. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 11/07/2012 22:09:58
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9250410AS +++++
    --- User ---
    [MBR] 54dced37207999f355b090b2f64b632a
    [BSP] a0f1b249035d539426ccd39de99184fe : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Ricoh SD Disk Device +++++
    --- User ---
    [MBR] 073194e4daba85468c8b8107b2513102
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 101 | Size: 243 Mo
    Error reading LL1 MBR!
    Error reading LL2 MBR!
    +++++ PhysicalDrive2: Imation Nano Pro USB Device +++++
    --- User ---
    [MBR] 00ce97aeb92ad7884c0887ee0b88af1e
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3816 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_11072012_02d2209.txt >>
    RKreport[1]_S_11072012_02d2209.txt ; RKreport[2]_D_11072012_02d2209.txt
  20. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.08.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Administrator :: FASTE6410 [administrator]
    11/7/2012 10:21:24 PM
    mbam-log-2012-11-07 (22-21-24).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205516
    Time elapsed: 3 minute(s), 8 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  21. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-07 22:26:22
    -----------------------------
    22:26:22.054 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:26:22.054 Number of processors: 4 586 0x2502
    22:26:22.054 ComputerName: FASTE6410 UserName:
    22:26:23.302 Initialize success
    22:34:28.049 AVAST engine defs: 12110701
    22:34:38.454 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:34:38.470 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 8
    22:34:38.470 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000080
    22:34:38.470 Disk 1 Vendor: RICOH 01 Size: 243MB BusType: 0
    22:34:38.485 Disk 0 MBR read successfully
    22:34:38.501 Disk 0 MBR scan
    22:34:38.501 Disk 0 Windows 7 default MBR code
    22:34:38.501 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    22:34:38.517 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
    22:34:38.532 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
    22:34:38.563 Disk 0 scanning C:\Windows\system32\drivers
    22:34:52.775 Service scanning
    22:35:24.084 Modules scanning
    22:35:24.084 Disk 0 trace - called modules:
    22:35:24.131 ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys iaStorV.sys hal.dll
    22:35:24.131 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083a4060]
    22:35:24.147 3 CLASSPNP.SYS[fffff88001bbf43f] -> nt!IofCallDriver -> [0xfffffa80081e0910]
    22:35:24.147 5 stdfltn.sys[fffff8800165baf2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007539050]
    22:35:27.126 AVAST engine scan C:\Windows
    22:35:29.076 AVAST engine scan C:\Windows\system32
    22:40:45.258 AVAST engine scan C:\Windows\system32\drivers
    22:41:12.402 AVAST engine scan C:\Users\Administrator
    22:46:41.609 Disk 0 MBR has been saved successfully to "F:\stuff\MBR.dat"
    22:46:41.640 The log file has been saved successfully to "F:\stuff\aswMBR.txt"
  22. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  23. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    ComboFix 12-11-06.03 - Administrator 11/07/2012 23:03:22.1.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8118.5454 [GMT -5:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\SelectRebates
    c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest
    c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
    c:\program files (x86)\SelectRebates\SahImages\alert.png
    c:\program files (x86)\SelectRebates\SahImages\check.png
    c:\program files (x86)\SelectRebates\SahImages\close.png
    c:\program files (x86)\SelectRebates\SelectAlerts.dat
    c:\program files (x86)\SelectRebates\SelectRebates.exe
    c:\program files (x86)\SelectRebates\SelectRebates.ini
    c:\program files (x86)\SelectRebates\SelectRebatesA.dat
    c:\program files (x86)\SelectRebates\SelectRebatesApi.exe
    c:\program files (x86)\SelectRebates\SelectRebatesB.dat
    c:\program files (x86)\SelectRebates\SelectRebatesBT.dat
    c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe
    c:\program files (x86)\SelectRebates\SelectRebatesH.dat
    c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
    c:\program files (x86)\SelectRebates\SRebates.dll
    c:\program files (x86)\SelectRebates\SRFF3.dll
    c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files (x86)\SelectRebates\Toolbar\basis.xml
    c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp
    c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp
    c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files (x86)\SelectRebates\Toolbar\icons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp
    c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-go.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp
    c:\program files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp
    c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp
    c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\users\Administrator\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-08 04:07 . 2012-11-08 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-08 03:21 . 2012-11-08 03:21 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2012-11-08 03:20 . 2012-11-08 03:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-08 03:20 . 2012-11-08 03:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-08 03:20 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-08 02:10 . 2012-11-08 02:10 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F85FA51E-3C79-45E7-A091-D1EFA26E3716}\offreg.dll
    2012-11-07 04:41 . 2012-11-07 04:41 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F85FA51E-3C79-45E7-A091-D1EFA26E3716}\MpKsl3d7f45f2.sys
    2012-11-07 03:52 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F85FA51E-3C79-45E7-A091-D1EFA26E3716}\mpengine.dll
    2012-11-06 02:10 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-06 01:59 . 2012-11-07 03:40 -------- d-----w- C:\Stuff
    2012-11-04 20:02 . 2012-11-04 20:02 -------- d-----w- C:\FRST
    2012-11-04 06:19 . 2012-08-07 20:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-11-04 06:19 . 2012-08-07 20:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F08C7A53-343D-4541-8774-EC63BE8340DD}\gapaengine.dll
    2012-11-03 21:40 . 2012-11-03 21:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-11-03 21:40 . 2012-11-03 21:40 -------- d-----w- c:\program files\Microsoft Security Client
    2012-11-03 21:39 . 2012-11-03 21:40 -------- d-----w- C:\d2f0698d88b3cc6c3cb9a2
    2012-10-19 02:11 . 2012-10-19 02:15 -------- d-----w- c:\program files (x86)\e-Sword
    2012-10-19 02:11 . 2012-10-19 02:11 -------- d-----w- c:\program files (x86)\Common Files\EzTools
    2012-10-10 00:30 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 00:29 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 00:29 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 00:29 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 00:29 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 00:29 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 00:29 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 07:04 . 2011-02-08 20:59 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-08-24 11:15 . 2012-10-02 12:56 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-10-02 12:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-10-02 12:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-10-02 12:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-10-02 12:57 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-10-02 12:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-10-02 12:57 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-10-02 12:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-10-02 12:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-10-02 12:57 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-10-02 12:57 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-10-02 12:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-10-02 12:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-10-02 12:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-10-02 12:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-10-02 12:57 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-10-02 12:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-10-02 12:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-10-02 12:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-10-02 12:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-10-02 12:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-10-02 12:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 12:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 12:13 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 12:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 12:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-27 20:38 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:38 . 2012-10-10 00:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
    .
    [HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-24 17152]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-16 1255736]
    R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    R4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 1039776]
    R4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 31136]
    R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
    R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-29 2152720]
    R4 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-03-26 20792]
    R4 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-25 72192]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
    R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 69376]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 21040]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-26 79504]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-04-24 210784]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920]
    S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 26160]
    S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-09-09 106408]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-04 38440]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 59134801
    *NewlyCreated* - ASWMBR
    *Deregistered* - 59134801
    *Deregistered* - aswMBR
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://search.coupons.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ra.wv.gov/CACHE/stc/1/binaries/vpnweb.cab
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\65zcteee.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=0e15faf1000000000000c446195fde0d
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=0e15faf1000000000000c446195fde0d&q=
    FF - user.js: extensions.BabylonToolbar_i.id - 0e15faf1000000000000c446195fde0d
    FF - user.js: extensions.BabylonToolbar_i.hardId - 0e15faf1000000000000c446195fde0d
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15454
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:46
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    AddRemove-SelectRebatesUninstall - c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
    AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:89,f4,19,2a,80,f9,cc,01
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,9a,9e,bd,5a,11,e8,40,96,89,01,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,bb,33,84,66,58,2c,41,bc,91,99,\
    "027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,9a,9e,bd,5a,11,e8,40,96,89,01,\
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.ac3"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.amc"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.dif"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.dv"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Flash.VideoFile"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mac\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.mac"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.mov"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.mp4"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mqv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.mqv"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.PARTIAL"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.pct"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.pic"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.pict"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pnt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.pnt"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pntg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.pntg"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.qt"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qti\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.qti"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.qtif"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="QuickTime.sd2"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.WEBSITE"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-2545530072-643886663-2263006114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:20,45,61,42,2e,d2,8f,26,42,2d,83,f1,a2,15,bd,4a,68,24,e6,87,70,
    fd,61,8f,90,e8,1b,54,89,a9,a0,b5,38,1a,22,69,fc,aa,28,e1,d2,2c,68,29,da,b7,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:20,45,61,42,2e,d2,8f,26,42,2d,83,f1,a2,15,bd,4a,68,24,e6,87,70,
    fd,61,8f,90,e8,1b,54,89,a9,a0,b5,38,1a,22,69,fc,aa,28,e1,d2,2c,68,29,da,b7,\
    .
    [HKEY_LOCAL_MACHINE\software\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-07 23:10:33
    ComboFix-quarantined-files.txt 2012-11-08 04:10
    .
    Pre-Run: 30,831,058,944 bytes free
    Post-Run: 30,908,407,808 bytes free
    .
    - - End Of File - - 76CF2A242E18EEAC52678813C3CCE4FF
  24. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Looks good :)

    Any current issues?

    ==============================

    You're running four AV programs:
    Microsoft Security Essentials
    McAfee VirusScan Enterprise
    Lavasoft Ad-Watch Live! Anti-Virus
    AVG
    You must uninstall THREE of them.
    I suggest Lavasoft is first to go.
    If AVG is another one use AVG Remover: http://www.avg.com/us-en/utilities

    When done...

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  25. No1Herd

    No1Herd Newcomer, in training Topic Starter Posts: 45

    OTL logfile created on: 11/8/2012 9:14:58 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.36% Memory free
    15.85 Gb Paging File | 14.02 Gb Available in Paging File | 88.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.20 Gb Total Space | 29.31 Gb Free Space | 13.43% Space Free | Partition Type: NTFS
    Drive D: | 3.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 243.13 Mb Total Space | 242.97 Mb Free Space | 99.94% Space Free | Partition Type: FAT
    Drive F: | 3.72 Gb Total Space | 1.64 Gb Free Space | 44.16% Space Free | Partition Type: FAT32

    Computer Name: FASTE6410 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/08 09:12:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
    PRC - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/06/24 20:16:58 | 000,072,192 | ---- | M] (Palm) [Disabled | Stopped] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
    SRV:64bit: - [2010/03/25 22:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2010/03/24 02:07:58 | 001,039,776 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2010/03/24 02:07:58 | 000,031,136 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2010/02/02 07:21:06 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/03/09 23:08:42 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -- (mi-raysat_3dsMax2009_64)
    SRV - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
    SRV - [2011/06/08 07:24:24 | 000,079,360 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/25 22:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
    SRV - [2010/03/25 22:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2010/03/25 22:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/10 14:01:38 | 000,060,928 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
    SRV - [2009/08/25 18:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/09 11:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2011/09/09 10:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/07/21 18:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/07/20 02:10:40 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/21 15:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010/06/21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/04/06 02:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2010/04/03 12:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
    DRV:64bit: - [2010/03/25 22:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2010/03/25 22:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2010/03/25 22:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2010/03/25 22:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
    DRV:64bit: - [2010/03/25 22:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2010/03/19 18:39:58 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2010/02/27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 02:10:32 | 000,034,472 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
    DRV:64bit: - [2010/02/02 07:20:46 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2010/02/02 07:20:22 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/01/18 09:56:26 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/01/18 09:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
    DRV:64bit: - [2009/11/03 19:40:44 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/06/04 16:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.coupons.com/search.asp?p=df&q={searchTerms}
    IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=0e15faf1000000000000c446195fde0d"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
    FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
    FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=0e15faf1000000000000c446195fde0d&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012/01/26 12:18:46 | 000,185,164 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 11:58:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 11:58:06 | 000,000,000 | ---D | M]

    [2011/02/16 11:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
    [2012/05/07 07:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\65zcteee.default\extensions
    [2012/11/08 08:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\65zcteee.default\extensions\ffxtlbr@babylon.com
    [2012/04/26 11:12:49 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\65zcteee.default\extensions\toolbar@shopathome.com
    [2012/05/07 07:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/30 21:42:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
    [2012/02/22 17:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/01/30 21:42:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/22 17:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/04/24 07:46:46 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/02/03 14:40:51 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml

    O1 HOSTS File: ([2012/11/07 23:07:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://ra.wv.gov/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB4B3B8-1554-4798-BFC3-1C1722EA2EF7}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/12 04:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2009/06/10 09:44:18 | 000,000,049 | ---- | M] () - F:\AutoRun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/08 09:06:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/07 23:10:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/07 23:02:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/07 23:02:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/07 23:02:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/07 23:02:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/07 23:02:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/07 22:59:37 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2012/11/07 22:21:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    [2012/11/07 22:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/07 22:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/07 22:20:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/07 22:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/07 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RK_Quarantine
    [2012/11/05 20:59:46 | 000,000,000 | ---D | C] -- C:\Stuff
    [2012/11/04 16:54:38 | 001,459,963 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe
    [2012/11/04 16:35:43 | 000,687,724 | ---- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
    [2012/11/04 16:03:02 | 004,996,943 | ---- | C] (Swearware) -- C:\Users\Administrator\Desktop\Commy.exe
    [2012/11/04 15:29:59 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
    [2012/11/04 15:02:00 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/11/03 16:48:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/11/03 16:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/11/03 16:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/11/03 16:39:31 | 000,000,000 | ---D | C] -- C:\d2f0698d88b3cc6c3cb9a2
    [2012/10/18 21:11:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\e-Sword
    [2012/10/18 21:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
    [2012/10/18 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EzTools
    [2012/10/18 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\e-Sword

    ========== Files - Modified Within 30 Days ==========

    [2012/11/08 08:20:42 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/08 08:20:42 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/08 08:18:20 | 000,877,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/08 08:18:20 | 000,730,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/08 08:18:20 | 000,146,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/08 08:12:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/08 08:12:33 | 2089,156,607 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/08 08:01:10 | 000,000,582 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/11/07 23:07:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/07 22:20:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/07 03:43:23 | 000,153,091 | ---- | M] () -- C:\KasperskyRescueDisk10
    [2012/11/06 20:47:24 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2012/11/04 16:44:22 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/11/04 16:35:16 | 000,687,724 | ---- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
    [2012/11/04 16:34:38 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\r6yt3c6g.exe
    [2012/11/04 16:09:34 | 000,430,592 | ---- | M] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
    [2012/11/04 16:01:40 | 004,996,943 | ---- | M] (Swearware) -- C:\Users\Administrator\Desktop\Commy.exe
    [2012/11/04 15:56:56 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
    [2012/11/04 09:24:56 | 001,459,963 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe
    [2012/11/03 15:37:36 | 543,703,852 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/31 20:29:55 | 004,931,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/20 09:52:58 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/10/20 09:52:58 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/10/18 21:11:14 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\e-Sword.lnk

    ========== Files Created - No Company Name ==========

    [2012/11/08 08:00:52 | 000,000,582 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/11/07 23:02:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/07 23:02:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/07 23:02:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/07 23:02:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/07 23:02:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/07 22:20:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/07 03:43:22 | 000,153,091 | ---- | C] () -- C:\KasperskyRescueDisk10
    [2012/11/04 16:35:43 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\r6yt3c6g.exe
    [2012/11/04 16:10:01 | 000,430,592 | ---- | C] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
    [2012/11/03 16:40:26 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/11/03 16:40:20 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/11/03 15:37:36 | 543,703,852 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/10/18 21:11:14 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\e-Sword.lnk
    [2012/06/02 22:51:09 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
    [2012/03/27 09:51:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/03/27 09:51:32 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/09/26 22:58:52 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2011/08/03 21:39:59 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/03/20 08:58:10 | 000,001,456 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/02/16 11:28:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/02/15 11:59:09 | 000,871,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/08 14:52:30 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/02/08 14:47:01 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/06/08 07:33:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
    [2012/08/07 22:45:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
    [2011/04/11 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bullzip
    [2011/06/08 13:33:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/06/22 09:23:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cisco
    [2012/01/30 21:59:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\eTeks
    [2011/09/19 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Jason Robitaille
    [2012/03/31 19:51:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JasonRobitaille
    [2012/03/24 20:03:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAXON
    [2011/09/28 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OverDrive
    [2011/04/03 14:52:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OxelonMC
    [2011/09/26 22:58:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PACE Anti-Piracy
    [2011/05/28 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 998 bytes -> C:\ProgramData\Microsoft:9DP3BwPu4OqZrx4Ip8XG
    @Alternate Data Stream - 88 bytes -> C:\Users\Administrator\Documents\Underwater title sequence.mp4:SummaryInformation
    @Alternate Data Stream - 1187 bytes -> C:\Program Files\Common Files\System:ERljqFUW0CqNTCx7MR
    @Alternate Data Stream - 1045 bytes -> C:\ProgramData\Microsoft:a8a0aGfewdUOsRFvcLG6V
    < End of report >


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.