We worked on my brother in laws computer about a month ago. We were close, but didn't quite finish. I asked him to let me finish the job when he left, but if forgot. I wanted to make sure he got to the internet, without touching our system. Now who knows.
I notice he had several updates from Microsoft (maybe?)
The minute he turned it on, at about 1:06 pm, his email started giving him email errors (his problems started with his Yahoo Account), and within a few minutes, hyperfil .sys added 2.7 Gigs and pagefile .sys added 3.36 gigs of something somewhere.
He is using Windows Defender, and a scan showed nothing, but there is a rogue there somewhere.
I don't want to connect it to the network, and hope it is not too late, but here is the dss & attach logs.
Can I load and update mbam to a thumbdrive to run?
DSS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by Randy at 14:59:27 on 2013-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2261 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\14344594F4E4455434 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\2434 : DHCPNameServer = 10.10.98.200
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\25963656027457563747 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\641627D6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\84564636F675962756C6563737 : DHCPNameServer = 192.168.1.5
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\E454259475962756C6563737 : DHCPNameServer = 192.168.1.5
TCP: Interfaces\{797FC918-2A02-4A5F-9F81-CC4932956EA0} : DHCPNameServer = 192.168.1.5
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-10 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-22 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-26 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-1-19 30368]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-26 258664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-26 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-26 56448]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-1-19 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-1-19 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-1-19 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-1-19 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-1-19 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-1-19 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-1-19 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-1-19 550560]
S3 GamesAppService;GamesAppService;"C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" --> C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [?]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-1-19 36128]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-1 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-22 21:59:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C44DC9F5-C4F2-4CD3-AFAF-9704EC643814}\offreg.dll
2013-03-22 21:19:50 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-22 21:19:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-22 06:48:15 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 20:04:08 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-20 19:02:47 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C44DC9F5-C4F2-4CD3-AFAF-9704EC643814}\mpengine.dll
2013-03-04 15:31:28 -------- d-----w- C:\Program Files (x86)\PlayPianoTODAY
2013-02-25 17:37:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-25 17:37:30 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-25 17:37:20 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-25 17:37:17 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-25 06:01:10 -------- d-----w- C:\Adobe
2013-02-25 06:00:43 -------- d-----w- C:\Download RRR
2013-02-24 21:05:14 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2013-02-24 06:04:42 -------- d-----w- C:\Windows\SHELLNEW
2013-02-24 02:35:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-02-24 02:26:10 -------- d-----w- C:\Program Files (x86)\ESET
2013-02-22 23:50:21 -------- d-----w- C:\Users\Randy\AppData\Local\Hewlett-Packard_Developme
2013-02-22 18:39:09 -------- d-----w- C:\Windows\ERUNT
2013-02-22 18:39:02 -------- d-----w- C:\JRT
2013-02-22 18:23:50 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-22 01:45:44 98816 ----a-w- C:\Windows\sed.exe
2013-02-22 01:45:44 256000 ----a-w- C:\Windows\PEV.exe
2013-02-22 01:45:44 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M ====================
.
2013-03-22 06:48:15 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-15 21:31:16 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 21:31:16 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-17 08:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 15:00:02.01 ===============
I notice he had several updates from Microsoft (maybe?)
The minute he turned it on, at about 1:06 pm, his email started giving him email errors (his problems started with his Yahoo Account), and within a few minutes, hyperfil .sys added 2.7 Gigs and pagefile .sys added 3.36 gigs of something somewhere.
He is using Windows Defender, and a scan showed nothing, but there is a rogue there somewhere.
I don't want to connect it to the network, and hope it is not too late, but here is the dss & attach logs.
Can I load and update mbam to a thumbdrive to run?
DSS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by Randy at 14:59:27 on 2013-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2261 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\14344594F4E4455434 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\2434 : DHCPNameServer = 10.10.98.200
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\25963656027457563747 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\641627D6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\84564636F675962756C6563737 : DHCPNameServer = 192.168.1.5
TCP: Interfaces\{3973625B-D550-4482-8626-055C851FA7F8}\E454259475962756C6563737 : DHCPNameServer = 192.168.1.5
TCP: Interfaces\{797FC918-2A02-4A5F-9F81-CC4932956EA0} : DHCPNameServer = 192.168.1.5
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-10 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-22 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-11-29 34872]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-26 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-1-19 30368]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-26 258664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-26 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-26 56448]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-1-19 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-1-19 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-1-19 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-1-19 110752]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-1-19 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-1-19 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-1-19 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-1-19 550560]
S3 GamesAppService;GamesAppService;"C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" --> C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [?]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-1-19 36128]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-1 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-22 21:59:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C44DC9F5-C4F2-4CD3-AFAF-9704EC643814}\offreg.dll
2013-03-22 21:19:50 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-22 21:19:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-22 06:48:15 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 20:04:08 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-20 19:02:47 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C44DC9F5-C4F2-4CD3-AFAF-9704EC643814}\mpengine.dll
2013-03-04 15:31:28 -------- d-----w- C:\Program Files (x86)\PlayPianoTODAY
2013-02-25 17:37:55 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-25 17:37:30 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-25 17:37:20 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-25 17:37:17 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-25 06:01:10 -------- d-----w- C:\Adobe
2013-02-25 06:00:43 -------- d-----w- C:\Download RRR
2013-02-24 21:05:14 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2013-02-24 06:04:42 -------- d-----w- C:\Windows\SHELLNEW
2013-02-24 02:35:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-02-24 02:26:10 -------- d-----w- C:\Program Files (x86)\ESET
2013-02-22 23:50:21 -------- d-----w- C:\Users\Randy\AppData\Local\Hewlett-Packard_Developme
2013-02-22 18:39:09 -------- d-----w- C:\Windows\ERUNT
2013-02-22 18:39:02 -------- d-----w- C:\JRT
2013-02-22 18:23:50 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-22 01:45:44 98816 ----a-w- C:\Windows\sed.exe
2013-02-22 01:45:44 256000 ----a-w- C:\Windows\PEV.exe
2013-02-22 01:45:44 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M ====================
.
2013-03-22 06:48:15 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-15 21:31:16 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 21:31:16 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-17 08:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 15:00:02.01 ===============