cassovel Posted November 3, 2012

Hi, I've been having issues with both my laptop and my desktop, and also with my wireless network at home. I'm not sure if any of them are related, but I will start with my desktop since it was the most expensive/recent purchase. I've followed the instructions from the "I'm infected - What do I do now..." post, so here is my DDS.txt file:

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Cassovel at 22:52:37 on 2012-11-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5356 [GMT -10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [bdfccfbdceeddct] "C:\ProgramData\bdfccfbdceeddct.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B}\36163737F66756C6 : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cassovel\AppData\Roaming\Mozilla\Firefox\Profiles\ruvvtxuz.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80001&language=en&qkw=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cassovel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Cassovel\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Cassovel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Cassovel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Cassovel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-21 16:51; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-07-22 17:01; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2011-10-11 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2011-10-11 221304]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2011-10-11 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121102.001\IDSviA64.sys [2012-11-2 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2011-10-11 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2011-10-11 451704]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:30:21];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-19 146928]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2012-6-20 277656]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-8 203776]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-26 399432]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-11 126400]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2009-7-3 291336]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-6-1 9320448]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-6-1 306688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-23 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-19 56344]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 239616]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-2 1385120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-26 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 250808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-18 102368]
S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-9-14 20552]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-7-27 271712]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-26 25928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-23 114144]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-19 763904]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-18 203104]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-10-7 16392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S4 D-Link SharePort Helper;D-Link SharePort Helper;C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [2011-4-12 49152]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-03 04:37:21 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98FCBCC8-9F2F-4623-B602-DFE20828B5AE}\mpengine.dll
2012-11-03 03:52:47 20480 ------w- C:\Windows\svchost.exe
2012-10-29 07:35:01 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-27 04:52:01 -------- d-----w- C:\Users\Cassovel\AppData\Roaming\Malwarebytes
2012-10-27 04:51:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-27 04:51:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-27 04:51:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-27 04:20:09 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{605722E5-387A-46B3-88AF-41EF31239CA5}\gapaengine.dll
2012-10-22 12:25:24 -------- d-----w- C:\Users\Cassovel\AppData\Roaming\Tific
2012-10-22 12:25:23 -------- d-----w- C:\Users\Cassovel\AppData\Local\Symantec
2012-10-19 00:00:23 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-10-19 00:00:23 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-10-10 18:01:53 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 18:01:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 18:01:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 18:01:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 18:01:28 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 18:01:28 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 18:01:23 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 18:01:23 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 18:01:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 18:01:22 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 18:01:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 18:01:21 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-10-09 01:26:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 01:26:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-26 11:57:14 24576 ----a-w- C:\Windows\SysWow64\MASetupCleaner.exe
2012-09-26 11:57:14 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 08:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 08:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 22:53:18.69 ===============

Here is my Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2010 4:19:06 PM
System Uptime: 11/2/2012 8:58:11 PM (2 hours ago)
.
Motherboard: MSI | | IONA
Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 1176/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 778.726 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.6 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C6200 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C6200 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Manufacturer:
Name: BHDrvx64
PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
Service: BHDrvx64
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3
Manufacturer: Ralink Technology, Corp.
Name: 802.11n Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3
Service: netr28x
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP375: 10/21/2012 7:07:26 PM - Windows Update
RP376: 10/26/2012 1:44:04 PM - Windows Update
RP377: 10/26/2012 6:15:47 PM - Windows Update
RP378: 10/26/2012 6:45:34 PM - Installed Java 6 Update 37
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
ActivClient CAC x64
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
AIO_Scan
AMD Drag and Drop Transcoding
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Catalyst Registration
Avatar: Bobble Battles
Bonjour
BufferChm
C6200
C6200_Help
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility64
CCC Help English
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DivX Setup
DocProc
DVD Menu Pack for HP MediaSmart Video
erLT
FATE: The Cursed King
Fax
Google Chrome
Google Drive
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hardware Diagnostic Tools
Hidden World
Hobby Farm
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Games
HP Imaging Device Functions 13.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Remote Solution
HP Setup
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Hulu Desktop
HydraVision
IBM Lotus Forms Viewer 3.5.1
iCloud
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Junk Mail filter update
Kies mini
LabelPrint
LightScribe System Software
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
MediaSPace
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup 
Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bitMicrosoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMobileMe Control PanelMovie Theme Pack for HP MediaSmart VideoMozilla Firefox 15.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)My Kingdom for the Princess 3MyFreeCodecMystic GalleryNetwork64Norton Internet SecurityNorton Online BackupNorton Security ScanOCR Software by I.R.I.S. 
13.0OutlookAddInNet3SetupPictureMoverPlayReady PC Runtime amd64Power2GoPowerDirectorPS_AIO_02_ProductContextPS_AIO_02_SoftwarePS_AIO_02_Software_MinQuickTimeRealtek High Definition Audio DriverRecovery ManagerSamsung KiesSAMSUNG USB Driver for Mobile PhonesScanSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553260) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589322) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for 
Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2553488) 32-Bit EditionSharePort UtilityShop for HP SuppliesSilicon Laboratories CP210x USB to UART Bridge (Driver Removal)Skype Click to CallSkype™ 5.10SmartWebPrintingSolutionCenterStatusSteamThermaData LoggerThermaData Logger Cradle (Driver Removal)ToolboxTrayAppUnloadSupportUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553272) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598289) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate Installer for WildTangent Games AppVC80CRTRedist - 8.0.50727.4053ViewSonic Monitor DriversVLCVLC media player 1.1.5WebRegWildTangent GamesWildTangent Games AppWildTangent Games App (HP Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows 
Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Movie Maker 2.6WModem Driver InstallerWMV9/VC-1 Video PlaybackYahoo! BrowserPlus 2.9.8Yahoo! MessengerYahoo! Software UpdateYahoo! Toolbar.==== Event Viewer Messages From Past Week ========.11/2/2012 6:36:50 PM, Error: Service Control Manager [7022] - The Server service hung on starting.11/2/2012 6:36:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.11/2/2012 6:11:18 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.11/2/2012 6:09:33 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.11/2/2012 5:53:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx6411/2/2012 5:02:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.11/2/2012 5:02:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.11/2/2012 12:27:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.11/2/2012 12:27:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.11/2/2012 10:49:23 PM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.11/2/2012 10:49:23 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCRx31 USB Smart Card Reader 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX11/2/2012 10:49:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.10/29/2012 11:45:12 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCRx31 USB Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX10/28/2012 9:26:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.10/28/2012 9:23:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cc516a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102812-67361-01.10/26/2012 8:31:54 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.193. 
The computer with the IP address 192.168.0.194 did not allow the name to be claimed by this computer.10/26/2012 7:52:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP10/26/2012 7:51:51 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.10/26/2012 7:51:50 PM, Error: SRTSP [4] - Error loading virus definitions.10/26/2012 6:58:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f8363a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102612-45552-01.10/26/2012 6:15:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000300000229, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cda39b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102612-36987-01.10/26/2012 5:49:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000000029d, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cf90c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102612-39234-01.10/26/2012 5:44:53 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. 
Signature version: 1.139.43.0;1.139.43.0 Engine version: 1.1.8800.010/26/2012 1:36:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP10/26/2012 1:35:55 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.43.0;1.139.43.0 Engine version: 1.1.8800.0.==== End Of File ===========================I just want to thank everyone ahead of time for the help.. I thought i was somewhat computer saavy but i guess im not Link to post Share on other sites More sharing options...
cassovel (Author) Posted November 3, 2012 ID:609148

Also here is a copy of the RogueKiller report:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cassovel [Admin rights]
Mode : Scan -- Date : 11/02/2012 23:13:25

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : bdfccfbdceeddct ("C:\ProgramData\bdfccfbdceeddct.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-411804229-1992954851-3435353238-1001[...]\Run : bdfccfbdceeddct ("C:\ProgramData\bdfccfbdceeddct.exe") -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND
[TASK][SUSP PATH] {9AF2DD5C-8BE8-4D70-8713-F8F30F9FE0DF} : C:\Windows\system32\pcalua.exe -a "C:\Users\Cassovel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E17WYBV\AdobeAIRInstaller[1].exe" -d C:\Users\Cassovel\Desktop -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 3f80fc3defdb5ceb3f4b5c4332c99d6e
[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942445 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930334208 | Size: 11322 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] a7e89396e6d4b3e302b34cf3b51570ed
[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942445 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930334208 | Size: 11322 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] a7e89396e6d4b3e302b34cf3b51570ed
[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942445 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930334208 | Size: 11322 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
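The two logs posted so far (the DDS/Attach.txt excerpt in the first post and this RogueKiller report) carry three indicators that are worth checking mechanically rather than by eye: the MBR hash that RogueKiller reads through the normal Windows disk API ("User") differs from the hashes of its two lower-level reads ("LL1", "LL2"), which is what the "User != LL1 ... KO!" lines mean and is the behaviour expected from a bootkit that filters disk I/O; a copy of svchost.exe launched through the \\.\globalroot\ device namespace instead of from System32; and Event Viewer entries in which the installed security products themselves fail (Service Control Manager 7026 naming Symantec boot-start drivers that did not load, Microsoft Antimalware 2001/2004 signature errors). The script below is an added example for this thread, not part of either post and not code from DDS, RogueKiller or FRST. It runs offline on sample lines constructed from the posted logs; the AV_DRIVERS set is an assumption built from the FRST "Drivers (Whitelisted)" list later in the thread, and the heuristics are mine.

```python
"""Offline triage of three indicators from the DDS/Attach.txt and RogueKiller logs
posted above.  Added example: not part of either post, nor code from DDS,
RogueKiller or FRST.  All sample lines below are constructed from the posted
logs; nothing here touches a live machine."""
import re

# Service names of the installed security products' drivers, taken from the FRST
# "Drivers (Whitelisted)" list later in the thread (assumption: treated as the set).
AV_DRIVERS = {"bhdrvx64", "srtsp", "srtspx", "idsvia64", "eectrl", "cchp",
              "mpfilter", "nisdrv"}

# Constructed from the RogueKiller "MBR Check" section above.
RK_MBR_SAMPLE = """\
--- User ---
[MBR] 3f80fc3defdb5ceb3f4b5c4332c99d6e
[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code
User != LL1 ... KO!
--- LL1 ---
[MBR] a7e89396e6d4b3e302b34cf3b51570ed
User != LL2 ... KO!
--- LL2 ---
[MBR] a7e89396e6d4b3e302b34cf3b51570ed
"""

# Constructed from the DDS "Running Processes" block and RogueKiller's bad-process line.
PROC_SAMPLE = [
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"\\.\globalroot\systemroot\svchost.exe -netsvcs",
    r"C:\Program Files\Microsoft Security Client\MsMpEng.exe",
]

# Constructed from the Attach.txt "Event Viewer Messages From Past Week" block.
EVENT_SAMPLE = [
    "10/26/2012 7:52:37 PM, Error: Service Control Manager [7026] - The following "
    "boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP",
    "11/2/2012 5:02:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware "
    "has encountered an error trying to update signatures. Error code: 0x80240022",
    "11/2/2012 10:49:09 PM, Error: Disk [11] - The driver detected a controller error "
    r"on \Device\Harddisk1\DR1.",
]

EVENT_RE = re.compile(r"^(?P<time>[^,]+), Error: (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")


def mbr_hashes(section):
    """Map each read level (User, LL1, LL2) to the [MBR] hash RogueKiller printed."""
    hashes, level = {}, None
    for line in section.splitlines():
        head = re.match(r"--- (\w+) ---", line)
        body = re.match(r"\[MBR\] ([0-9a-f]{32})", line)
        if head:
            level = head.group(1)
        elif body and level:
            hashes[level] = body.group(1)
    return hashes


def mbr_hidden_levels(section):
    """Read levels whose MBR differs from what user mode sees.  A bootkit that
    filters disk I/O hands the clean sector to normal reads, so the lower-level
    reads disagree with it; a consistent disk returns []."""
    hashes = mbr_hashes(section)
    user = hashes.get("User")
    return sorted(lvl for lvl, md5 in hashes.items() if lvl != "User" and md5 != user)


def suspicious_svchost(cmdline):
    """True for an svchost.exe image outside System32/SysWOW64, or one reached
    through a device-namespace path (\\\\.\\, \\\\?\\, \\Device\\) that hides
    where the file really lives."""
    m = re.match(r'"?(.+?\.exe)"?', cmdline, re.IGNORECASE)
    if not m:
        return False
    image = m.group(1).lower()
    if not image.endswith("\\svchost.exe"):
        return False
    if image.startswith(("\\\\.\\", "\\\\?\\", "\\device\\")):
        return True
    return not image.startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"))


def av_sabotage_events(lines):
    """(event id, detail) for events showing the security products failing: SCM
    7026 naming an AV driver that did not load, or Microsoft Antimalware
    2001/2004 signature errors with their error code."""
    hits = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        source, eid, msg = m["source"], int(m["id"]), m["msg"]
        if source == "Service Control Manager" and eid == 7026:
            failed = msg.rsplit(":", 1)[-1].split()
            av = [d for d in failed if d.lower() in AV_DRIVERS]
            if av:
                hits.append((eid, " ".join(av)))
        elif source == "Microsoft Antimalware" and eid in (2001, 2004):
            code = re.search(r"Error [Cc]ode: (0x[0-9A-Fa-f]+)", msg)
            hits.append((eid, code.group(1) if code else "unknown"))
    return hits


if __name__ == "__main__":
    print("MBR differs at:", mbr_hidden_levels(RK_MBR_SAMPLE))
    print("svchost flagged:", [p for p in PROC_SAMPLE if suspicious_svchost(p)])
    print("AV failures:", av_sabotage_events(EVENT_SAMPLE))
```

A non-empty result from mbr_hidden_levels only says that two read paths on the running system disagree about sector 0; the confirming step is to read the sector from a boot that bypasses the installed OS, which is why the later advice in this thread moves the scan into System Recovery Options. The svchost check is deliberately narrow (image name and location only) so that it does not depend on the random-looking file name the Run entries point at.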
Maniac Posted November 3, 2012 ID:609265

Hello cassovel! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall Microsoft Security Essentials, but only if you have a license for Norton Internet Security; if not, do the opposite.
Also, uninstall µTorrent.
Finally, restart your computer.

Step 2
Please download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside Loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes, then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip; click on Continue. If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste the contents of that file here.

Step 3
Launch Malwarebytes' Anti-Malware.
Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to the Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:
TDSSKiller log
Malwarebytes' Anti-Malware log
a new fresh DDS log
cassovel (Author) Posted November 3, 2012 ID:609347

OK, quick question while I'm waiting on my computer to restart (typing this from my laptop, which may or may not be infected): is there a better alternative to Microsoft Security Essentials or Norton Internet Security? Such as Avast! or AVG? Just curious. Thank you so much for the help.

My desktop crashed again when I reconnected back to the internet to download TDSSKiller. Another question: is it possible to download TDSSKiller onto my laptop (not crashing when connected to the interwebs) and then transfer it via USB to the desktop? <--- probably a dumb question lol
Maniac Posted November 4, 2012 ID:609534

They are very good solutions, but their program and database versions need to be kept updated to protect better. Good free solutions are avast! Anti-Virus or Avira AntiVir. You could find a lot of results from the AV test organisation named AV-Comparatives:
http://www.av-comparatives.org/

You could transfer them, but first prevent this USB from infection:
http://www.pandasecurity.com/homeusers/downloads/usbvaccine/
Then use it on what you need.
cassovel (Author) Posted November 4, 2012 ID:609616

Hi Maniac, thanks for the response. As of my last reply I have not been able to restart my desktop computer. It starts, shows the black Microsoft Windows loader screen, then flashes a blue screen, then restarts. It then asks if I want to start the computer normally or via "startup repair" (I think this is what it is called); upon startup repair it then does a quick load, then automatically goes to the HP "system repair" (I really can't remember what the screen is called). It has the system checkup option, then it offers system restore, startup repair, and something else lol I can't remember. Is there anything I can try before reformatting the computer?? I was looking at Windows Defender Offline to see if that works; I will let you know if that allows me to actually start the computer, and then I will reaccomplish the above task with TDSSKiller. If this is not a good idea please let me know lol.. As always, thank you for your help.
Maniac Posted November 4, 2012 ID:609648

We have other options too. After you have already immunized your USB flash drive:

For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

- Select Command Prompt.
- In the command window type in notepad and press Enter.
- Notepad opens. Under the File menu select Open.
- Select "Computer", find your flash drive letter, and close Notepad.
- In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
  Note: Replace the letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
cassovel (Author) Posted November 5, 2012 ID:609713

FRST.txt as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
Ran by SYSTEM at 04-11-2012 15:45:41
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)
HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)
HKU\Cassovel\...\Run: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)
HKU\Cassovel\...\Run: [bdfccfbdceeddct] "C:\ProgramData\bdfccfbdceeddct.exe" [x]
HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)
HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)
HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)
HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)
HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)
4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)
3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)
1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
2 sxuptp;
C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS [x]==================== NetSvcs (Whitelisted) ======================================== One Month Created Files and Folders ========2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A 
C:\Users\Cassovel\Desktop\Entry.aspx.htm2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp2012-10-18 16:39 - 2012-10-18 16:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump2012-10-18 16:28 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe2012-10-18 16:01 - 2012-10-18 16:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log2012-10-18 16:00 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys2012-10-18 16:00 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys2012-10-10 10:02 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2012-10-10 10:02 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2012-10-10 10:02 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2012-10-10 10:02 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2012-10-10 10:02 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00424448 ____A 
(Microsoft Corporation) C:\Windows\System32\KernelBase.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll2012-10-10 10:02 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe2012-10-10 10:02 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2012-10-10 10:02 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2012-10-10 10:02 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2012-10-10 10:02 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2012-10-10 10:02 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2012-10-10 10:01 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\crypt32.dll2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2012-10-10 10:01 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll==================== 3 Months Modified Files ==================2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI2012-10-21 20:58 - 2010-08-16 17:30 
- 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db2012-09-26 03:57 - 2011-03-18 01:06 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) 
C:\Windows\SysWOW64\MASetupCleaner.exe2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.232012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.222012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.242012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.252012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.212012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.202012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A 
C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.192012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.112012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.162012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.182012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.172012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.122012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.92012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.152012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.132012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.62012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.142012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.102012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.72012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.82012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.52012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.42012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.02012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.32012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22012-08-27 02:06 - 2012-08-27 02:06 - 
01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) 
C:\Windows\System32\iertutil.dll2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-08-23 22:44 - 2012-09-23 05:00 - 
2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk
2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip
2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe
2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A ( ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe
2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip
2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip
2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) ===================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-21 21:07:42
Restore point made on: 2012-10-26 15:44:18
Restore point made on: 2012-10-26 20:16:02
Restore point made on: 2012-10-26 20:45:39

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8151.08 MB
Available physical RAM: 7169.23 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7164.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B
  Disk 1    Online         3864 MB      0 B
  Disk 2    No Media          0 B      0 B
  Disk 3    No Media          0 B      0 B
  Disk 4    No Media          0 B      0 B
  Disk 5    No Media          0 B      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            920 GB   101 MB
  Partition 3    Primary             11 GB   920 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   HP           NTFS   Partition    920 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   FACTORY_IMA  NTFS   Partition     11 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3863 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   WDO_MEDIA64  FAT32  Removable   3863 MB  Healthy

=========================================================

Last Boot: 2012-11-02 19:18

==================== End Of Log =============================
Maniac Posted November 5, 2012 ID:609771

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    HKU\Cassovel\...\Run: [bdfccfbdceeddct] "C:\ProgramData\bdfccfbdceeddct.exe" [x]
    C:\ProgramData\bdfccfbdceeddct.exe
    C:\Windows\svchost.exe
    cmd: bootrec /FixMbr
    end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt.
Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
Reboot Normally.
cassovel Posted November 6, 2012 Author ID:609931

OK, here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-05 14:30:07 Run:1
Running from H:\

==============================================

HKEY_USERS\Cassovel\Software\Microsoft\Windows\CurrentVersion\Run\\bdfccfbdceeddct Value deleted successfully.
C:\ProgramData\bdfccfbdceeddct.exe not found.
C:\Windows\svchost.exe moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog ====
cassovel Posted November 6, 2012 Author ID:609933

Also, when rebooting it still did the same... Goes to a black Windows screen for a few seconds, then the blue screen flashes and the computer restarts.
cassovel Posted November 6, 2012 Author ID:609934

Not sure why it is doing the HTML-looking code on the fixlog post, but here it is again:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-05 14:30:07 Run:1
Running from H:\

==============================================

HKEY_USERS\Cassovel\Software\Microsoft\Windows\CurrentVersion\Run\\bdfccfbdceeddct Value deleted successfully.
C:\ProgramData\bdfccfbdceeddct.exe not found.
C:\Windows\svchost.exe moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog ====
Maniac Posted November 6, 2012 ID:610083

Please post a new fresh FRST log.
cassovel Posted November 6, 2012 Author ID:610140

New FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 06-11-2012 11:02:18
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)
HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)
HKU\Cassovel\...\Run: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)
HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)
HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)
HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)
HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)
HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)
4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)
3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)
1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt
2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt
2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine
2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt
2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt
2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage
2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files
2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm
2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes
2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun
2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp
2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp
2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific
2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec
2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A
- 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 
00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div><div>2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</div><div>2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll</div><div>2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</div><div>2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll</div><div>2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll</div><div>2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll</div><div>2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</div><div>2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll</div><div>2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll</div><div>2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll</div><div>2012-10-10 10:01 - 
2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll</div><div>2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll</div><div>2012-10-10 10:01 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll</div><div> </div><div> </div><div>==================== 3 Months Modified Files ==================</div><div> </div><div>2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt</div><div>2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt</div><div>2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt</div><div>2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt</div><div>2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm</div><div>2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp</div><div>2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log</div><div>2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div><div>2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log</div><div>2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP</div><div>2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log</div><div>2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp</div><div>2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</div><div>2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job</div><div>2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div><div>2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div><div>2012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI</div><div>2012-10-21 20:58 - 2010-08-16 17:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</div><div>2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp</div><div>2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job</div><div>2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job</div><div>2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</div><div>2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job</div><div>2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</div><div>2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk</div><div>2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</div><div>2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</div><div>2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif</div><div>2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job</div><div>2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log</div><div>2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db</div><div>2012-09-26 03:57 - 2011-03-18 01:06 - 
00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe</div><div>2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe</div><div>2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys</div><div>2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys</div><div>2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi</div><div>2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll</div><div>2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</div><div>2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</div><div>2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys</div><div>2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys</div><div>2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe</div><div>2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</div><div>2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.23</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.24</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A 
C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.25</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.21</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.20</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.19</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.11</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.16</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.18</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.17</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.9</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.15</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.13</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.6</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.14</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.10</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.7</div><div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.8</div><div>2012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.5</div><div>2012-08-27 02:10 - 2012-08-27 02:10 - 
00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.4</div><div>2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.0</div><div>2012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.3</div><div>2012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.1</div><div>2012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.2</div><div>2012-08-27 02:06 - 2012-08-27 02:06 - 01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe</div><div>2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk</div><div>2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk</div><div>2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk</div><div>2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk</div><div>2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll</div><div>2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll</div><div>2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</div><div>2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</div><div>2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</div><div>2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</div><div>2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</div><div>2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft 
Corporation) C:\Windows\System32\inetcpl.cpl</div><div>2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll</div><div>2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</div><div>2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</div><div>2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe</div><div>2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll</div><div>2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</div><div>2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</div><div>2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll</div><div>2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</div><div>2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</div><div>2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp</div><div>2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</div><div>2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</div><div>2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</div><div>2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</div><div>2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</div><div>2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</div><div>2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</div><div>2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</div><div>2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</div><div>2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</div><div>2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</div><div>2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</div><div>2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</div><div>2012-08-23 22:44 - 2012-09-23 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</div><div>2012-08-23 22:43 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</div><div>2012-08-23 22:40 - 2012-09-23 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</div><div>2012-08-23 05:18 - 2009-07-13 20:45 - 00431064 ____A C:\Windows\System32\FNTCACHE.DAT</div><div>2012-08-22 10:12 - 2012-09-15 15:51 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys</div><div>2012-08-22 10:12 - 2012-09-15 15:51 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys</div><div>2012-08-22 10:12 - 2012-09-15 15:51 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys</div><div>2012-08-22 10:12 - 2012-09-15 15:51 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS</div><div>2012-08-21 13:01 - 2012-09-25 13:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe</div><div>2012-08-20 23:06 - 
2010-11-17 20:35 - 00116896 ____A C:\Users\Cassovel\AppData\Local\GDIPFONTCACHEV1.DAT</div><div>2012-08-20 10:48 - 2012-10-10 10:02 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll</div><div>2012-08-20 10:48 - 2012-10-10 10:02 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll</div><div>2012-08-20 10:48 - 2012-10-10 10:02 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll</div><div>2012-08-20 10:48 - 2012-10-10 10:02 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll</div><div>2012-08-20 10:48 - 2012-10-10 10:02 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll</div><div>2012-08-20 10:48 - 2012-10-10 10:02 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll</div><div>2012-08-20 10:48 - 2012-10-10 10:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll</div><div>2012-08-20 10:46 - 2012-10-10 10:02 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft 
Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll</div><div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll</div><div>2012-08-20 09:40 - 2012-10-10 10:02 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div><div>2012-08-20 09:38 - 2012-10-10 10:02 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div><div>2012-08-20 09:37 - 2012-10-10 10:02 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</div><div>2012-08-20 09:37 - 2012-10-10 10:02 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</div><div>2012-08-20 09:37 - 2012-10-10 10:02 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 
10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</div><div>2012-08-20 
09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</div><div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</div><div>2012-08-20 07:38 - 2012-10-10 10:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div><div>2012-08-20 07:38 - 2012-10-10 10:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div><div>2012-08-20 07:33 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</div><div>2012-08-20 07:33 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</div><div>2012-08-20 07:33 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</div><div>2012-08-20 07:33 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</div><div>2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A 
C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk</div><div>2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip</div><div>2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe</div><div>2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A ( ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe</div><div>2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip</div><div>2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip</div><div>2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf</div><div>2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll</div><div>2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</div><div> </div><div>==================== Known DLLs (Whitelisted) =================</div><div> </div><div> </div><div>==================== Bamital & volsnap Check =================</div><div> </div><div>C:\Windows\System32\winlogon.exe => MD5 is legit</div><div>C:\Windows\System32\wininit.exe => MD5 is legit</div><div>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</div><div>C:\Windows\explorer.exe => MD5 is legit</div><div>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</div><div>C:\Windows\System32\svchost.exe => MD5 is legit</div><div>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</div><div>C:\Windows\System32\services.exe => MD5 is legit</div><div>C:\Windows\System32\User32.dll => MD5 is legit</div><div>C:\Windows\SysWOW64\User32.dll => MD5 is legit</div><div>C:\Windows\System32\userinit.exe => MD5 is legit</div><div>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</div><div>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</div><div> </div><div>TDL4: custom:26000022 
<===== ATTENTION!</div><div> </div><div>==================== EXE ASSOCIATION =====================</div><div> </div><div>HKLM\...\.exe: exefile => OK</div><div>HKLM\...\exefile\DefaultIcon: %1 => OK</div><div>HKLM\...\exefile\open\command: "%1" %* => OK</div><div> </div><div>==================== Restore Points =========================</div><div> </div><div>Restore point made on: 2012-10-21 21:07:42</div><div>Restore point made on: 2012-10-26 15:44:18</div><div>Restore point made on: 2012-10-26 20:16:02</div><div>Restore point made on: 2012-10-26 20:45:39</div><div> </div><div>==================== Memory info =========================== </div><div> </div><div>Percentage of memory in use: 11%</div><div>Total physical RAM: 8151.08 MB</div><div>Available physical RAM: 7173.25 MB</div><div>Total Pagefile: 8149.23 MB</div><div>Available Pagefile: 7166.5 MB</div><div>Total Virtual: 8192 MB</div><div>Available Virtual: 8191.91 MB</div><div> </div><div>==================== Partitions =============================</div><div> </div><div>1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS</div><div>2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]</div><div>4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32</div><div>9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS</div><div>10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]</div><div>ATTENTION: Malware custom entry on BCD on drive y: detected. 
Check for MBR/Partition infection.</div><div> </div><div> Disk ### Status Size Free Dyn Gpt</div><div> -------- ------------- ------- ------- --- ---</div><div> Disk 0 Online 931 GB 0 B </div><div> Disk 1 Online 3864 MB 0 B </div><div> Disk 2 No Media 0 B 0 B </div><div> Disk 3 No Media 0 B 0 B </div><div> Disk 4 No Media 0 B 0 B </div><div> Disk 5 No Media 0 B 0 B </div><div> </div><div>Partitions of Disk 0:</div><div>===============</div><div> </div><div> Partition ### Type Size Offset</div><div> ------------- ---------------- ------- -------</div><div> Partition 1 Primary 100 MB 1024 KB</div><div> Partition 2 Primary 920 GB 101 MB</div><div> Partition 3 Primary 11 GB 920 GB</div><div> </div><div>==================================================================================</div><div> </div><div>Disk: 0</div><div>Partition 1</div><div>Type : 07</div><div>Hidden: No</div><div>Active: Yes</div><div> </div><div> Volume ### Ltr Label Fs Type Size Status Info</div><div> ---------- --- ----------- ----- ---------- ------- --------- --------</div><div>* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy </div><div> </div><div>=========================================================</div><div> </div><div>Disk: 0</div><div>Partition 2</div><div>Type : 07</div><div>Hidden: No</div><div>Active: No</div><div> </div><div> Volume ### Ltr Label Fs Type Size Status Info</div><div> ---------- --- ----------- ----- ---------- ------- --------- --------</div><div>* Volume 2 C HP NTFS Partition 920 GB Healthy </div><div> </div><div>=========================================================</div><div> </div><div>Disk: 0</div><div>Partition 3</div><div>Type : 07</div><div>Hidden: No</div><div>Active: No</div><div> </div><div> Volume ### Ltr Label Fs Type Size Status Info</div><div> ---------- --- ----------- ----- ---------- ------- --------- --------</div><div>* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy </div><div> 
</div><div>=========================================================</div><div> </div><div>Partitions of Disk 1:</div><div>===============</div><div> </div><div> Partition ### Type Size Offset</div><div> ------------- ---------------- ------- -------</div><div> Partition 1 Primary 3863 MB 31 KB</div><div> </div><div>==================================================================================</div><div> </div><div>Disk: 1</div><div>Partition 1</div><div>Type : 0B</div><div>Hidden: No</div><div>Active: Yes</div><div> </div><div> Volume ### Ltr Label Fs Type Size Status Info</div><div> ---------- --- ----------- ----- ---------- ------- --------- --------</div><div>* Volume 4 G WDO_MEDIA64 FAT32 Removable 3863 MB Healthy </div><div> </div><div>=========================================================</div><div> </div><div>Last Boot: 2012-11-02 19:18</div><div> </div><div>==================== End Of Log =============================</div>
cassovel Posted November 6, 2012 Author ID:610141 <p>HTML thing again...</p><div>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)</div><div>Ran by SYSTEM at 06-11-2012 11:02:18</div><div>Running from G:\</div><div>Windows 7 Home Premium (X64) OS Language: English(US) </div><div>The current controlset is ControlSet001</div><div> </div><div>==================== Registry (Whitelisted) ===================</div><div> </div><div>HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)</div><div>HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)</div><div>HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)</div><div>HKLM\...\Run: [] [x]</div><div>HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)</div><div>HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)</div><div>HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]</div><div>HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)</div><div>HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)</div><div>HKLM-x32\...\Run: [] [x]</div><div>HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)</div><div>HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft 
Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)</div><div>HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)</div><div>HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)</div><div>HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)</div><div>HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)</div><div>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)</div><div>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)</div><div>HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)</div><div>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)</div><div>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)</div><div>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)</div><div>HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)</div><div>HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)</div><div>HKU\Cassovel\...\Run: [Google Update] 
"C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)</div><div>HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)</div><div>HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)</div><div>HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)</div><div>HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)</div><div>HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)</div><div>HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)</div><div>HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)</div><div>HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)</div><div>HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]</div><div>HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)</div><div>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1</div><div>Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk</div><div>ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)</div><div>Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk</div><div>ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital 
Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)</div><div>Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk</div><div>ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)</div><div> </div><div>==================== Services (Whitelisted) ===================</div><div> </div><div>2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)</div><div>4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()</div><div>2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)</div><div>2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)</div><div>3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)</div><div> </div><div>==================== Drivers (Whitelisted) =====================</div><div> </div><div>1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)</div><div>1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)</div><div>3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)</div><div>3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)</div><div>1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)</div><div>3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] 
(Symantec Corporation)</div><div>1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)</div><div>3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()</div><div>3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()</div><div>0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)</div><div>2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)</div><div>1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)</div><div>1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)</div><div>2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)</div><div>0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)</div><div>0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)</div><div>3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)</div><div>1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)</div><div>1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)</div><div>2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)</div><div>3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]</div><div>3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS 
[x]</div><div> </div><div>==================== NetSvcs (Whitelisted) ====================</div><div> </div><div> </div><div>==================== One Month Created Files and Folders ========</div><div> </div><div>2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware</div><div>2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt</div><div>2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt</div><div>2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine</div><div>2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt</div><div>2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt</div><div>2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage</div><div>2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files</div><div>2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm</div><div>2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes</div><div>2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div><div>2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes</div><div>2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun</div><div>2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp</div><div>2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp</div><div>2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific</div><div>2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec</div><div>2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A 
C:\Windows\Minidump\102112-45957-01.dmp</div><div>2012-10-18 16:39 - 2012-10-18 16:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump</div><div>2012-10-18 16:01 - 2012-10-18 16:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log</div><div>2012-10-18 16:00 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys</div><div>2012-10-18 16:00 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys</div><div>2012-10-10 10:02 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</div><div>2012-10-10 10:02 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe</div><div>2012-10-10 10:02 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</div><div>2012-10-10 10:02 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</div><div>2012-10-10 10:02 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe</div><div>2012-10-10 10:02 - 
2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div><div>2012-10-10 10:02 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 
- 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 09:32 - 
00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div><div>2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</div><div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</div><div>2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll</div><div>2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</div><div>2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll</div><div>2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll</div><div>2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll</div><div>2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</div><div>2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll</div><div>2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll</div><div>2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll</div><div>2012-10-10 10:01 - 
2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll</div><div>2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll</div><div>2012-10-10 10:01 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll</div><div> </div><div> </div><div>==================== 3 Months Modified Files ==================</div><div> </div><div>2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt</div><div>2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt</div><div>2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt</div><div>2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt</div><div>2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm</div><div>2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp</div><div>2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log</div><div>2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div><div>2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log</div><div>2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP</div><div>2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log</div><div>2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp</div><div>2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</div><div>2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job</div><div>2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-21 20:58 - 2010-08-16 17:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp
2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job
2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job
2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job
2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log
2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db
2012-09-26 03:57 - 2011-03-18 01:06 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi
2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.23
2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22
2012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.24
2012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.25
2012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.21
2012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.20
2012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.19
2012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.11
2012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.16
2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.18
2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.17
2012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12
2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.9
2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.15
2012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.13
2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.6
2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.14
2012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.10
2012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.7
2012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.8
2012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.5
2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.4
2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.0
2012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.3
2012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.1
2012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.2
2012-08-27 02:06 - 2012-08-27 02:06 - 01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe
2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk
2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk
2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp
2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 05:18 - 2009-07-13 20:45 - 00431064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-22 10:12 - 2012-09-15 15:51 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-15 15:51 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-15 15:51 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-15 15:51 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 13:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 23:06 - 2010-11-17 20:35 - 00116896 ____A C:\Users\Cassovel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-20 10:48 - 2012-10-10 10:02 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-10 10:02 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-10 10:02 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-10 10:02 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-10 10:02 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-10 10:02 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-10 10:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-10 10:02 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-10 10:02 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-10 10:02 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-10 10:02 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-10 10:02 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-10 10:02 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-10 10:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-10 10:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk
2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip
2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe
2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A ( ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe
2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip
2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip
2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-21 21:07:42
Restore point made on: 2012-10-26 15:44:18
Restore point made on: 2012-10-26 20:16:02
Restore point made on: 2012-10-26 20:45:39

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8151.08 MB
Available physical RAM: 7173.25 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7166.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

 Disk ### Status Size Free Dyn Gpt
 -------- ------------- ------- ------- --- ---
 Disk 0 Online 931 GB 0 B
 Disk 1 Online 3864 MB 0 B
 Disk 2 No Media 0 B 0 B
 Disk 3 No Media 0 B 0 B
 Disk 4 No Media 0 B 0 B
 Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

 Partition ### Type Size Offset
 ------------- ---------------- ------- -------
 Partition 1 Primary 100 MB 1024 KB
 Partition 2 Primary 920 GB 101 MB
 Partition 3 Primary 11 GB 920 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

 Volume ### Ltr Label Fs Type Size Status Info
 ---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

 Volume ### Ltr Label Fs Type Size Status Info
 ---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 920 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

 Volume ### Ltr Label Fs Type Size Status Info
 ---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 1:
===============

 Partition ### Type Size Offset
 ------------- ---------------- ------- -------
 Partition 1 Primary 3863 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

 Volume ### Ltr Label Fs Type Size Status Info
 ---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G WDO_MEDIA64 FAT32 Removable 3863 MB Healthy

=========================================================

Last Boot: 2012-11-02 19:18

==================== End Of Log =============================
cassovel Posted November 6, 2012 Author ID:610142

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 06-11-2012 11:02:18
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)
HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)
HKU\Cassovel\...\Run: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)
HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)
HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)
HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)
HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)
HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)
4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)
3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)
1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt
2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt
2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine
2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt
2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt
2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage
2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files
2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm
2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes
2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun
2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp
2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp
2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific
2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec
2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp
2012-10-18 16:39 - 2012-10-18 16:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2012-10-18 16:01 - 2012-10-18 16:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2012-10-18 16:00 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-10-18 16:00 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-10-10 10:02 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 10:02 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 10:02 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-10 10:02 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-10 10:02 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 10:02 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 10:02 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-10 10:02 - 
2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll2012-10-10 10:02 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll2012-10-10 10:02 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe2012-10-10 10:02 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2012-10-10 10:02 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2012-10-10 10:02 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2012-10-10 10:02 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2012-10-10 10:02 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2012-10-10 10:01 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2012-10-10 10:01 - 
2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll==================== 3 Months Modified Files ==================2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI2012-10-21 20:58 - 2010-08-16 17:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A 
C:\Windows\Minidump\102112-45957-01.dmp2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db2012-09-26 03:57 - 2011-03-18 01:06 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) 
C:\Windows\SysWOW64\MASetupCleaner.exe2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.232012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.222012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.242012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.252012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.212012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.202012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A 
C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.192012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.112012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.162012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.182012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.172012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.122012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.92012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.152012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.132012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.62012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.142012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.102012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.72012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.82012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.52012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.42012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.02012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.32012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22012-08-27 02:06 - 2012-08-27 02:06 - 
01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) 
C:\Windows\System32\iertutil.dll2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-08-23 22:44 - 2012-09-23 05:00 - 
00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-08-23 22:43 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-08-23 22:40 - 2012-09-23 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-08-23 05:18 - 2009-07-13 20:45 - 00431064 ____A C:\Windows\System32\FNTCACHE.DAT2012-08-22 10:12 - 2012-09-15 15:51 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2012-08-22 10:12 - 2012-09-15 15:51 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys2012-08-22 10:12 - 2012-09-15 15:51 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2012-08-22 10:12 - 2012-09-15 15:51 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2012-08-21 13:01 - 2012-09-25 13:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe2012-08-20 23:06 - 2010-11-17 20:35 - 00116896 ____A C:\Users\Cassovel\AppData\Local\GDIPFONTCACHEV1.DAT2012-08-20 10:48 - 2012-10-10 10:02 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll2012-08-20 10:48 - 2012-10-10 10:02 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll2012-08-20 10:48 - 2012-10-10 10:02 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll2012-08-20 10:48 - 2012-10-10 10:02 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll2012-08-20 10:48 - 2012-10-10 10:02 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll2012-08-20 10:48 - 2012-10-10 10:02 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll2012-08-20 10:48 - 2012-10-10 10:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll2012-08-20 10:46 - 2012-10-10 10:02 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe2012-08-20 10:38 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) 
2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk
2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip
2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe
2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A ( ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe
2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip
2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip
2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-21 21:07:42
Restore point made on: 2012-10-26 15:44:18
Restore point made on: 2012-10-26 20:16:02
Restore point made on: 2012-10-26 20:45:39

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8151.08 MB
Available physical RAM: 7173.25 MB
Total Pagefile: 8149.23 MB
Available Pagefile: 7166.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B
  Disk 1    Online         3864 MB      0 B
  Disk 2    No Media           0 B      0 B
  Disk 3    No Media           0 B      0 B
  Disk 4    No Media           0 B      0 B
  Disk 5    No Media           0 B      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            920 GB   101 MB
  Partition 3    Primary             11 GB   920 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   HP           NTFS   Partition    920 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   FACTORY_IMA  NTFS   Partition     11 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3863 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   WDO_MEDIA64  FAT32  Removable   3863 MB  Healthy

=========================================================

Last Boot: 2012-11-02 19:18

==================== End Of Log ============================
Maniac Posted November 6, 2012 ID:610163

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt

start
TDL4: custom:26000022 <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.
Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
Reboot normally.
cassovel Posted November 7, 2012 Author ID:610274

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-06 19:22:13 Run:2
Running from G:\
==============================================
The operation completed successfully.
The operation completed successfully.
==== End of Fixlog ====

Also, the computer turned on and no blue screen... awesome, what next lol
Maniac Posted November 7, 2012 ID:610317

Generate new, fresh DDS log files.
cassovel Posted November 8, 2012 Author ID:610818

DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by Cassovel at 23:36:52 on 2012-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5758 [GMT -10:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows 
18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2012-08-20 17:38:26 
25600 ----a-w- C:\Windows\SysWow64\setup16.exe2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll.============= FINISH: 23:37:21.56 =============== Link to post Share on other sites More sharing options...
Maniac Posted November 8, 2012 ID:610894

Good!

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
cassovel (Author) Posted November 8, 2012 ID:610904

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cassovel :: CASSOVEL-PC [administrator]

Protection: Disabled

11/8/2012 1:05:42 PM
mbam-log-2012-11-08 (13-05-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209774
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
cassovel (Author) Posted November 9, 2012 ID:611202

Following the original post that requested the TDSSKiller log, it will be in multiple posts because of the size:
lmhosts C:\Windows\System32\lmhsvc.dll07:58:26.0021 3688 lmhosts - ok07:58:26.0054 3688 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys07:58:26.0091 3688 LSI_FC - ok07:58:26.0106 3688 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys07:58:26.0145 3688 LSI_SAS - ok07:58:26.0159 3688 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys07:58:26.0198 3688 LSI_SAS2 - ok07:58:26.0215 3688 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys07:58:26.0255 3688 LSI_SCSI - ok07:58:26.0272 3688 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys07:58:26.0353 3688 luafv - ok07:58:26.0398 3688 [ C586CC39820B6E7FE3657FED8329D300 ] lvpopf64 C:\Windows\system32\DRIVERS\lvpopf64.sys07:58:26.0437 3688 lvpopf64 - ok07:58:26.0441 3688 LVPr2M64 - ok07:58:26.0485 3688 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys07:58:26.0528 3688 LVRS64 - ok07:58:26.0648 3688 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys07:58:26.0827 3688 LVUVC64 - ok07:58:26.0850 3688 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll07:58:26.0891 3688 Mcx2Svc - ok07:58:26.0913 3688 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys07:58:26.0948 3688 megasas - ok07:58:26.0979 3688 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys07:58:27.0021 3688 MegaSR - ok07:58:27.0089 3688 Microsoft SharePoint Workspace Audit Service - ok07:58:27.0113 3688 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll07:58:27.0193 3688 MMCSS - ok07:58:27.0217 3688 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys07:58:27.0296 3688 Modem - ok07:58:27.0322 3688 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys07:58:27.0365 3688 
monitor - ok07:58:27.0404 3688 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys07:58:27.0441 3688 mouclass - ok07:58:27.0467 3688 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys07:58:27.0506 3688 mouhid - ok07:58:27.0540 3688 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys07:58:27.0577 3688 mountmgr - ok07:58:27.0656 3688 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe07:58:27.0688 3688 MozillaMaintenance - ok07:58:27.0721 3688 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys07:58:27.0760 3688 mpio - ok07:58:27.0778 3688 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys07:58:27.0858 3688 mpsdrv - ok07:58:27.0906 3688 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll07:58:28.0002 3688 MpsSvc - ok07:58:28.0039 3688 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys07:58:28.0087 3688 MRxDAV - ok07:58:28.0121 3688 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys07:58:28.0160 3688 mrxsmb - ok07:58:28.0199 3688 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys07:58:28.0241 3688 mrxsmb10 - ok07:58:28.0253 3688 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys07:58:28.0293 3688 mrxsmb20 - ok07:58:28.0323 3688 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys07:58:28.0360 3688 msahci - ok07:58:28.0394 3688 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys07:58:28.0434 3688 msdsm - ok07:58:28.0448 3688 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe07:58:28.0492 3688 MSDTC - ok07:58:28.0521 3688 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs 
C:\Windows\system32\drivers\Msfs.sys07:58:28.0597 3688 Msfs - ok07:58:28.0618 3688 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys07:58:28.0694 3688 mshidkmdf - ok07:58:28.0737 3688 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys07:58:28.0780 3688 msisadrv - ok07:58:28.0811 3688 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll07:58:28.0889 3688 MSiSCSI - ok07:58:28.0894 3688 msiserver - ok07:58:28.0913 3688 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys07:58:28.0993 3688 MSKSSRV - ok07:58:29.0000 3688 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys07:58:29.0078 3688 MSPCLOCK - ok07:58:29.0083 3688 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys07:58:29.0160 3688 MSPQM - ok07:58:29.0197 3688 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys07:58:29.0244 3688 MsRPC - ok07:58:29.0262 3688 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys07:58:29.0299 3688 mssmbios - ok07:58:29.0315 3688 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys07:58:29.0394 3688 MSTEE - ok07:58:29.0412 3688 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys07:58:29.0451 3688 MTConfig - ok07:58:29.0465 3688 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys07:58:29.0503 3688 Mup - ok07:58:29.0545 3688 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll07:58:29.0632 3688 napagent - ok07:58:29.0662 3688 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys07:58:29.0715 3688 NativeWifiP - ok07:58:29.0777 3688 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121108.008\ENG64.SYS07:58:29.0810 3688 NAVENG - ok07:58:29.0866 3688 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121108.008\EX64.SYS07:58:29.0949 3688 NAVEX15 - ok07:58:29.0993 3688 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys07:58:30.0057 3688 NDIS - ok07:58:30.0080 3688 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys07:58:30.0159 3688 NdisCap - ok07:58:30.0178 3688 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys07:58:30.0257 3688 NdisTapi - ok07:58:30.0292 3688 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys07:58:30.0370 3688 Ndisuio - ok07:58:30.0411 3688 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys07:58:30.0490 3688 NdisWan - ok07:58:30.0522 3688 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys07:58:30.0600 3688 NDProxy - ok07:58:30.0650 3688 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll07:58:30.0673 3688 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning07:58:30.0673 3688 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)07:58:30.0698 3688 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys07:58:30.0777 3688 NetBIOS - ok07:58:30.0817 3688 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys07:58:30.0897 3688 NetBT - ok07:58:30.0918 3688 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe07:58:30.0957 3688 Netlogon - ok07:58:30.0993 3688 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll07:58:31.0080 3688 Netman - ok07:58:31.0102 3688 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm 
C:\Windows\System32\netprofm.dll07:58:31.0192 3688 netprofm - ok07:58:31.0233 3688 [ 254AF6DF67EAFA8C6E0AA0D316487673 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys07:58:31.0286 3688 netr28x - ok07:58:31.0316 3688 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe07:58:31.0350 3688 NetTcpPortSharing - ok07:58:31.0375 3688 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys07:58:31.0412 3688 nfrd960 - ok07:58:31.0475 3688 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe07:58:31.0506 3688 NIS - ok07:58:31.0557 3688 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll07:58:31.0634 3688 NlaSvc - ok07:58:31.0660 3688 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys07:58:31.0736 3688 Npfs - ok07:58:31.0779 3688 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll07:58:31.0859 3688 nsi - ok07:58:31.0869 3688 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys07:58:31.0947 3688 nsiproxy - ok07:58:32.0012 3688 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys07:58:32.0101 3688 Ntfs - ok07:58:32.0116 3688 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys07:58:32.0195 3688 Null - ok07:58:32.0216 3688 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys07:58:32.0257 3688 nvraid - ok07:58:32.0291 3688 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys07:58:32.0330 3688 nvstor - ok07:58:32.0373 3688 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys07:58:32.0412 3688 nv_agp - ok07:58:32.0447 3688 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys07:58:32.0487 3688 ohci1394 - ok07:58:32.0544 3688 
[ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE07:58:32.0577 3688 ose - ok07:58:32.0715 3688 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE07:58:32.0868 3688 osppsvc - ok07:58:32.0900 3688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll07:58:32.0945 3688 p2pimsvc - ok07:58:32.0963 3688 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll07:58:33.0010 3688 p2psvc - ok07:58:33.0034 3688 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys07:58:33.0074 3688 Parport - ok07:58:33.0109 3688 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys07:58:33.0147 3688 partmgr - ok07:58:33.0162 3688 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll07:58:33.0212 3688 PcaSvc - ok07:58:33.0223 3688 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys07:58:33.0263 3688 pci - ok07:58:33.0303 3688 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys07:58:33.0338 3688 pciide - ok07:58:33.0361 3688 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys07:58:33.0403 3688 pcmcia - ok07:58:33.0424 3688 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys07:58:33.0462 3688 pcw - ok07:58:33.0487 3688 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys07:58:33.0580 3688 PEAUTH - ok07:58:33.0677 3688 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe07:58:33.0717 3688 PerfHost - ok07:58:33.0781 3688 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll07:58:33.0886 3688 pla - ok Link to post Share on other sites More sharing options...
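Added example, not part of the post above and not TDSSKiller's own code: a small parser for the three line shapes that appear in the log (the `[ MD5 ] name path` object line, the `( verdict ) - warning` line, and the `name - ok` / `name - detected ...` status line), which groups them per object and ranks the non-clean ones for review. The sample input is constructed from entries copied from the log above; the triage rule (unsigned files under the Windows system directories first, unsigned vendor utilities under Program Files after) is this example's own heuristic, not something the scanner outputs.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Common prefix of every TDSSKiller line: "HH:MM:SS.mmmm PID ".
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "[ MD5 ] ServiceName C:\path\file"  -- the object line; the name may contain spaces.
RE_OBJECT = re.compile(TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
# "ServiceName ( UnsignedFile.Multi.Generic ) - warning"
RE_WARNING = re.compile(TS + r"(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
# "ServiceName - ok"  or  "ServiceName - detected UnsignedFile.Multi.Generic (1)"
RE_STATUS = re.compile(TS + r"(?P<name>.+?) - (?P<status>ok|detected .+)$")

# Constructed sample: lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
07:58:22.0739 3688 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
07:58:22.0783 3688 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
07:58:22.0783 3688 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
07:58:22.0812 3688 [ CF44B25AE808765D7308F412AD492DDB ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
07:58:22.0835 3688 HTCAND64 ( UnsignedFile.Multi.Generic ) - warning
07:58:22.0835 3688 HTCAND64 - detected UnsignedFile.Multi.Generic (1)
07:58:22.0894 3688 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:58:22.0985 3688 HTTP - ok
07:58:26.0441 3688 LVPr2M64 - ok
07:58:30.0650 3688 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:58:30.0673 3688 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:58:30.0673 3688 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # absent when the scanner printed no object line
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        return self.verdicts == ["ok"]


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Group object, warning and status lines by object name, in log order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_OBJECT.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
        elif m := RE_WARNING.match(line):
            entries.setdefault(m["name"], Entry(m["name"])).verdicts.append("warning:" + m["verdict"])
        elif m := RE_STATUS.match(line):
            entries.setdefault(m["name"], Entry(m["name"])).verdicts.append(m["status"])
        # Anything else (section banners, summary counters) is ignored.
    return entries


# Heuristic (this example's assumption): an unsigned file that loads from the
# system directories deserves a look before an unsigned printer utility.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def triage(entries: Dict[str, Entry]) -> List[dict]:
    """Return every non-clean entry with its MD5 and path, highest priority first."""
    rows = []
    for e in entries.values():
        if e.clean:
            continue
        in_system = (e.path or "").lower().startswith(SYSTEM_DIRS)
        rows.append({"name": e.name, "md5": e.md5, "path": e.path,
                     "verdicts": e.verdicts, "priority": 0 if in_system else 1})
    rows.sort(key=lambda r: (r["priority"], r["name"].lower()))
    return rows


if __name__ == "__main__":
    for row in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"[{row['priority']}] {row['name']:<18} {row['md5']}  {row['path']}")
```

`UnsignedFile.Multi.Generic` only says the file carries no Authenticode signature, which is common for older vendor drivers and utilities, so the MD5 the parser keeps beside each flagged path is the value to check against a known-good source before deciding anything about the file.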