SVCHOST.exe keeps popping up as Trojan.Loader


Hi, I've been having issues with both my laptop and my desktop. Also my wireless network in my home. I'm not sure if any are related, but I will start with my desktop since it was the most expensive/recent purchase. I've followed the instructions from the "I'm infected - What do I do now..." post, so here is my DDS.txt file:

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Cassovel at 22:52:37 on 2012-11-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5356 [GMT -10:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\splwow64.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe

C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [bdfccfbdceeddct] "C:\ProgramData\bdfccfbdceeddct.exe"

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B}\36163737F66756C6 : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"

x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Cassovel\AppData\Roaming\Mozilla\Firefox\Profiles\ruvvtxuz.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80001&language=en&qkw=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Cassovel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Cassovel\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Users\Cassovel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Users\Cassovel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Cassovel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: 2012-10-21 16:51; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-07-22 17:01; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2011-10-11 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2011-10-11 221304]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2011-10-11 593544]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121102.001\IDSviA64.sys [2012-11-2 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2011-10-11 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2011-10-11 451704]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:30:21];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-19 146928]

R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2012-6-20 277656]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-8 203776]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-26 399432]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-11 126400]

R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2009-7-3 291336]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-6-1 9320448]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-6-1 306688]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-23 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-19 56344]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 239616]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-2 1385120]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 135664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-26 676936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 250808]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-18 102368]

S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-9-14 20552]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 135664]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-7-27 271712]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-26 25928]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-23 114144]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-19 763904]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-18 203104]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-10-7 16392]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

S4 D-Link SharePort Helper;D-Link SharePort Helper;C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [2011-4-12 49152]

S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-03 04:37:21 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98FCBCC8-9F2F-4623-B602-DFE20828B5AE}\mpengine.dll

2012-11-03 03:52:47 20480 ------w- C:\Windows\svchost.exe

2012-10-29 07:35:01 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-27 04:52:01 -------- d-----w- C:\Users\Cassovel\AppData\Roaming\Malwarebytes

2012-10-27 04:51:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-27 04:51:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-27 04:51:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-27 04:20:09 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{605722E5-387A-46B3-88AF-41EF31239CA5}\gapaengine.dll

2012-10-22 12:25:24 -------- d-----w- C:\Users\Cassovel\AppData\Roaming\Tific

2012-10-22 12:25:23 -------- d-----w- C:\Users\Cassovel\AppData\Local\Symantec

2012-10-19 00:00:23 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-10-19 00:00:23 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-10-10 18:01:53 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-10 18:01:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-10 18:01:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 18:01:45 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 18:01:28 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 18:01:28 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 18:01:23 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 18:01:23 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 18:01:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 18:01:22 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 18:01:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 18:01:21 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-10-09 01:26:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 01:26:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-26 11:57:14 24576 ----a-w- C:\Windows\SysWow64\MASetupCleaner.exe

2012-09-26 11:57:14 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-31 08:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-08-31 08:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 22:53:18.69 ===============

Here is my Attach.txt :

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/15/2010 4:19:06 PM

System Uptime: 11/2/2012 8:58:11 PM (2 hours ago)

.

Motherboard: MSI | | IONA

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 1176/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 778.726 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.6 GiB free.

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart C6200 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart C6200 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: BHDrvx64

Device ID: ROOT\LEGACY_BHDRVX64\0000

Manufacturer:

Name: BHDrvx64

PNP Device ID: ROOT\LEGACY_BHDRVX64\0000

Service: BHDrvx64

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: 802.11n Wireless LAN Card

Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3

Manufacturer: Ralink Technology, Corp.

Name: 802.11n Wireless LAN Card

PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&2ED86587&0&00E3

Service: netr28x

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C6200 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C6200 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP375: 10/21/2012 7:07:26 PM - Windows Update

RP376: 10/26/2012 1:44:04 PM - Windows Update

RP377: 10/26/2012 6:15:47 PM - Windows Update

RP378: 10/26/2012 6:45:34 PM - Installed Java 6 Update 37

.

==== Installed Programs ======================

.

µTorrent

64 Bit HP CIO Components Installer

ActivClient CAC x64

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11.6

AIO_Scan

AMD Drag and Drop Transcoding

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

ATI Catalyst Registration

Avatar: Bobble Battles

Bonjour

BufferChm

C6200

C6200_Help

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility64

CCC Help English

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

DivX Setup

DocProc

DVD Menu Pack for HP MediaSmart Video

erLT

FATE: The Cursed King

Fax

Google Chrome

Google Drive

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hardware Diagnostic Tools

Hidden World

Hobby Farm

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 13.0

HP Games

HP Imaging Device Functions 13.0

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Photosmart All-In-One Driver Software 13.0 Rel. 2

HP Photosmart Essential 3.5

HP Remote Solution

HP Setup

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

HPPhotoGadget

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Hulu Desktop

HydraVision

IBM Lotus Forms Viewer 3.5.1

iCloud

Intel® Rapid Storage Technology

iTunes

Java Auto Updater

Junk Mail filter update

Kies mini

LabelPrint

LightScribe System Software

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

MediaSPace

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Live Search Toolbar

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office Home and Student 60 day trial

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MobileMe Control Panel

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Kingdom for the Princess 3

MyFreeCodec

Mystic Gallery

Network64

Norton Internet Security

Norton Online Backup

Norton Security Scan

OCR Software by I.R.I.S. 13.0

OutlookAddInNet3Setup

PictureMover

PlayReady PC Runtime amd64

Power2Go

PowerDirector

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_Min

QuickTime

Realtek High Definition Audio Driver

Recovery Manager

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

SharePort Utility

Shop for HP Supplies

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

Skype Click to Call

Skype™ 5.10

SmartWebPrinting

SolutionCenter

Status

Steam

ThermaData Logger

ThermaData Logger Cradle (Driver Removal)

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Installer for WildTangent Games App

VC80CRTRedist - 8.0.50727.4053

ViewSonic Monitor Drivers

VLC

VLC media player 1.1.5

WebReg

WildTangent Games

WildTangent Games App

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

WModem Driver Installer

WMV9/VC-1 Video Playback

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

11/2/2012 6:36:50 PM, Error: Service Control Manager [7022] - The Server service hung on starting.

11/2/2012 6:36:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

11/2/2012 6:11:18 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

11/2/2012 6:09:33 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.

11/2/2012 5:53:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64

11/2/2012 5:02:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

11/2/2012 5:02:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

11/2/2012 12:27:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

11/2/2012 12:27:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.842.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

11/2/2012 10:49:23 PM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.

11/2/2012 10:49:23 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCRx31 USB Smart Card Reader 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX

11/2/2012 10:49:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

10/29/2012 11:45:12 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCRx31 USB Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX

10/28/2012 9:26:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

10/28/2012 9:23:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cc516a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102812-67361-01.

10/26/2012 8:31:54 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.193. The computer with the IP address 192.168.0.194 did not allow the name to be claimed by this computer.

10/26/2012 7:52:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP

10/26/2012 7:51:51 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

10/26/2012 7:51:50 PM, Error: SRTSP [4] - Error loading virus definitions.

10/26/2012 6:58:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f8363a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102612-45552-01.

10/26/2012 6:15:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000300000229, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cda39b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102612-36987-01.

10/26/2012 5:49:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000000029d, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cf90c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102612-39234-01.

10/26/2012 5:44:53 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.43.0;1.139.43.0 Engine version: 1.1.8800.0

10/26/2012 1:36:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

10/26/2012 1:35:55 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.43.0;1.139.43.0 Engine version: 1.1.8800.0

.

==== End Of File ===========================

I just want to thank everyone ahead of time for the help. I thought I was somewhat computer savvy but I guess I'm not :(


Also, here is a copy of the RogueKiller report:

RogueKiller V8.2.1 [10/29/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Cassovel [Admin rights]

Mode : Scan -- Date : 11/02/2012 23:13:25

¤¤¤ Bad processes : 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : bdfccfbdceeddct ("C:\ProgramData\bdfccfbdceeddct.exe") -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-411804229-1992954851-3435353238-1001[...]\Run : bdfccfbdceeddct ("C:\ProgramData\bdfccfbdceeddct.exe") -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49} (\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl) -> FOUND

[TASK][SUSP PATH] {9AF2DD5C-8BE8-4D70-8713-F8F30F9FE0DF} : C:\Windows\system32\pcalua.exe -a "C:\Users\Cassovel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E17WYBV\AdobeAIRInstaller[1].exe" -d C:\Users\Cassovel\Desktop -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++

--- User ---

[MBR] 3f80fc3defdb5ceb3f4b5c4332c99d6e

[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942445 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930334208 | Size: 11322 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] a7e89396e6d4b3e302b34cf3b51570ed

[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942445 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930334208 | Size: 11322 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] a7e89396e6d4b3e302b34cf3b51570ed

[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942445 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930334208 | Size: 11322 Mo

Finished : << RKreport[1].txt >>


Hello cassovel and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. My suggestion is to uninstall Microsoft Security Essentials, but only if you have a license for Norton Internet Security; if not, do the opposite.

Also, uninstall µTorrent.

Finally, restart your computer.

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


Ok, quick question while I'm waiting on my computer to restart (typing this from my laptop, which may or may not be infected): is there a better alternative to Microsoft Security Essentials or Norton Internet Security? Such as Avast! or AVG? Just curious. Thank you so much for the help. My desktop crashed again when I reconnected back to the internet to download TDSSKiller. Another question: is it possible to download TDSSKiller onto my laptop (not crashing when connected to interwebs) and then transfer it via USB to the desktop? <--- probably a dumb question lol


They are very good solutions, but their program and database versions need to be kept updated for better protection. Good free solutions are avast! Anti-Virus or Avira AntiVir. You can find a lot of results from the AV testing organisation AV-Comparatives:

http://www.av-comparatives.org/

You could transfer it, but first protect the USB drive from infection.

http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Then use it on what you need.


Hi Maniac, thanks for the response. As of my last reply I have not been able to restart my desktop computer. It starts, shows the black Microsoft Windows loader screen, then flashes a blue screen, then restarts. It then asks if I want to start the computer normally or via "startup repair" (I think this is what it is called). Upon startup repair it does a quick load, then automatically goes to the HP "system repair" (I really can't remember what the screen is called). It has the system checkup option, then it offers system restore, startup repair, and something else lol, I can't remember. Is there anything I can try before reformatting the computer?? I was looking at the Windows Defender Offline to see if that works. I will let you know if that allows me to actually start the computer and then I will reaccomplish the above task with TDSSKiller. If this is not a good idea please let me know lol.. As always thank you for your help.


We have other options too. After you have immunized your USB flash drive:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


FRST.txt as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012

Ran by SYSTEM at 04-11-2012 15:45:41

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)

HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)

HKLM\...\Run: [] [x]

HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)

HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)

HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)

HKU\Cassovel\...\Run: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)

HKU\Cassovel\...\Run: [bdfccfbdceeddct] "C:\ProgramData\bdfccfbdceeddct.exe" [x]

HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)

HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)

HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)

HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)

HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk

ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)

4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)

1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)

3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)

3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)

2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)

1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)

2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)

0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)

2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware

2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt

2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt

2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine

2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt

2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt

2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage

2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files

2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm

2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes

2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun

2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp

2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp

2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific

2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec

2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp

2012-10-18 16:39 - 2012-10-18 16:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2012-10-18 16:28 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-10-18 16:01 - 2012-10-18 16:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log

2012-10-18 16:00 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-10-18 16:00 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-10-10 10:02 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-10-10 10:02 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-10-10 10:02 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-10-10 10:02 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-10-10 10:02 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-10-10 10:02 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-10-10 10:02 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-10-10 10:02 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-10-10 10:02 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-10-10 10:02 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-10-10 10:02 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-10-10 10:01 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-10-10 10:01 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

==================== 3 Months Modified Files ==================

2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt

2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt

2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt

2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt

2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm

2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp

2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log

2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log

2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP

2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log

2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp

2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job

2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-21 20:58 - 2010-08-16 17:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp

2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job

2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job

2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job

2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif

2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job

2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log

2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db

2012-09-26 03:57 - 2011-03-18 01:06 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe

2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe

2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi

2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys

2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.23

2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22

2012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.24

2012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.25

2012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.21

2012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.20

2012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.19

2012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.11

2012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.16

2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.18

2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.17

2012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12

2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.9

2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.15

2012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.13

2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.6

2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.14

2012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.10

2012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.7

2012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.8

2012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.5

2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.4

2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.0

2012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.3

2012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.1

2012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.2

2012-08-27 02:06 - 2012-08-27 02:06 - 01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe

2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk

2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk

2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk

2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp

2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-23 22:44 - 2012-09-23 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-23 22:43 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-23 22:40 - 2012-09-23 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-23 05:18 - 2009-07-13 20:45 - 00431064 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-22 10:12 - 2012-09-15 15:51 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-15 15:51 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-15 15:51 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-15 15:51 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 13:01 - 2012-09-25 13:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-08-20 23:06 - 2010-11-17 20:35 - 00116896 ____A C:\Users\Cassovel\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-20 10:48 - 2012-10-10 10:02 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-08-20 10:46 - 2012-10-10 10:02 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-08-20 10:38 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 09:40 - 2012-10-10 10:02 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-08-20 09:38 - 2012-10-10 10:02 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-08-20 09:37 - 2012-10-10 10:02 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-08-20 09:37 - 2012-10-10 10:02 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-08-20 09:37 - 2012-10-10 10:02 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-08-20 07:38 - 2012-10-10 10:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-08-20 07:38 - 2012-10-10 10:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-08-20 07:33 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk

2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip

2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe

2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A ( ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe

2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip

2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip

2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf

2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-21 21:07:42

Restore point made on: 2012-10-26 15:44:18

Restore point made on: 2012-10-26 20:16:02

Restore point made on: 2012-10-26 20:45:39

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 8151.08 MB

Available physical RAM: 7169.23 MB

Total Pagefile: 8149.23 MB

Available Pagefile: 7164.36 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS

2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32

9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS

10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 3864 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 920 GB 101 MB

Partition 3 Primary 11 GB 920 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C HP NTFS Partition 920 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3863 MB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G WDO_MEDIA64 FAT32 Removable 3863 MB Healthy

=========================================================

Last Boot: 2012-11-02 19:18

==================== End Of Log =============================


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start

HKU\Cassovel\...\Run: [bdfccfbdceeddct] "C:\ProgramData\bdfccfbdceeddct.exe" [x]

C:\ProgramData\bdfccfbdceeddct.exe

C:\Windows\svchost.exe

cmd: bootrec /FixMbr

end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot normally.


<p>ok here is the fixlog.txt:</p>

<p> </p>

<p> </p>

<div>Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012</div>

<div>Ran by SYSTEM at 2012-11-05 14:30:07 Run:1</div>

<div>Running from H:\</div>

<div> </div>

<div>==============================================</div>

<div> </div>

<div>HKEY_USERS\Cassovel\Software\Microsoft\Windows\CurrentVersion\Run\\bdfccfbdceeddct Value deleted successfully.</div>

<div>C:\ProgramData\bdfccfbdceeddct.exe not found.</div>

<div>C:\Windows\svchost.exe moved successfully.</div>

<div> </div>

<div>=========  bootrec /FixMbr =========</div>

<div> </div>

<div>ÿþT h e   o p e r a t i o n   c o m p l e t e d   s u c c e s s f u l l y . </div>

<div> </div>

<div>========= End of CMD: =========</div>

<div> </div>

<div> </div>

<div>==== End of Fixlog ====</div>


Not sure why it is doing the HTML-looking code on the fixlog post, but here it is again:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012

Ran by SYSTEM at 2012-11-05 14:30:07 Run:1

Running from H:\

==============================================

HKEY_USERS\Cassovel\Software\Microsoft\Windows\CurrentVersion\Run\\bdfccfbdceeddct Value deleted successfully.

C:\ProgramData\bdfccfbdceeddct.exe not found.

C:\Windows\svchost.exe moved successfully.

========= bootrec /FixMbr =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========

==== End of Fixlog ====


New FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)

Ran by SYSTEM at 06-11-2012 11:02:18

Running from G:\

Windows 7 Home Premium   (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)

HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)

HKLM\...\Run: []  [x]

HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)

HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: []  [x]

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)

HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)

HKU\Cassovel\...\Run: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)

HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)

HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)

HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)

HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)

HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk

ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)

4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)

1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)

3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)

3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)

2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)

1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)

2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)

0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)

2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware

2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt

2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt

2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine

2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt

2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt

2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage

2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files

2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm

2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes

2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun

2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp

2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp

2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific

2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec

2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp

2012-10-18 16:39 - 2012-10-18 16:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2012-10-18 16:01 - 2012-10-18 16:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log

2012-10-18 16:00 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-10-18 16:00 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-10-10 10:02 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-10-10 10:02 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-10-10 10:02 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-10-10 10:02 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-10-10 10:02 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-10-10 10:02 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-10-10 10:02 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll</div>

<div>2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</div>

<div>2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll</div>

<div>2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll</div>

<div>2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll</div>

<div>2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll</div>

<div> </div>

<div> </div>

<div>==================== 3 Months Modified Files ==================</div>

<div> </div>

<div>2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt</div>

<div>2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt</div>

<div>2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt</div>

<div>2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt</div>

<div>2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm</div>

<div>2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp</div>

<div>2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log</div>

<div>2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div>

<div>2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log</div>

<div>2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP</div>

<div>2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log</div>

<div>2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp</div>

<div>2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job</div>

<div>2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>2012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI</div>

<div>2012-10-21 20:58 - 2010-08-16 17:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp</div>

<div>2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job</div>

<div>2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job</div>

<div>2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</div>

<div>2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job</div>

<div>2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</div>

<div>2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk</div>

<div>2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</div>

<div>2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</div>

<div>2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif</div>

<div>2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job</div>

<div>2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log</div>

<div>2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db</div>

<div>2012-09-26 03:57 - 2011-03-18 01:06 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe</div>

<div>2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe</div>

<div>2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys</div>

<div>2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys</div>

<div>2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi</div>

<div>2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll</div>

<div>2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</div>

<div>2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</div>

<div>2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys</div>

<div>2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys</div>

<div>2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe</div>

<div>2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</div>

<div>2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.23</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.24</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.25</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.21</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.20</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.19</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.11</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.16</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.18</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.17</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.9</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.15</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.13</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.6</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.14</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.10</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.7</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.8</div>

<div>2012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.5</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.4</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.0</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.3</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.1</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.2</div>

<div>2012-08-27 02:06 - 2012-08-27 02:06 - 01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe</div>

<div>2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk</div>

<div>2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk</div>

<div>2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk</div>

<div>2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk</div>

<div>2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll</div>

<div>2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll</div>

<div>2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</div>

<div>2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</div>

<div>2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</div>

<div>2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</div>

<div>2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</div>

<div>2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl</div>

<div>2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll</div>

<div>2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</div>

<div>2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</div>

<div>2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe</div>

<div>2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll</div>

<div>2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</div>

<div>2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</div>

<div>2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll</div>

<div>2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</div>

<div>2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</div>

<div>2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp</div>

<div>2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</div>

<div>2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</div>

<div>2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</div>

<div>2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</div>

<div>2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</div>

<div>2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</div>

<div>2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</div>

<div>2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</div>

<div>2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</div>

<div>2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</div>

<div>2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</div>

<div>2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</div>

<div>2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</div>

<div>2012-08-23 22:44 - 2012-09-23 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</div>

<div>2012-08-23 22:43 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</div>

<div>2012-08-23 22:40 - 2012-09-23 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</div>

<div>2012-08-23 05:18 - 2009-07-13 20:45 - 00431064 ____A C:\Windows\System32\FNTCACHE.DAT</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS</div>

<div>2012-08-21 13:01 - 2012-09-25 13:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe</div>

<div>2012-08-20 23:06 - 2010-11-17 20:35 - 00116896 ____A C:\Users\Cassovel\AppData\Local\GDIPFONTCACHEV1.DAT</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll</div>

<div>2012-08-20 10:46 - 2012-10-10 10:02 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-08-20 09:40 - 2012-10-10 10:02 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div>

<div>2012-08-20 09:38 - 2012-10-10 10:02 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div>

<div>2012-08-20 09:37 - 2012-10-10 10:02 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</div>

<div>2012-08-20 09:37 - 2012-10-10 10:02 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</div>

<div>2012-08-20 09:37 - 2012-10-10 10:02 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-08-20 07:38 - 2012-10-10 10:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div>

<div>2012-08-20 07:38 - 2012-10-10 10:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk</div>

<div>2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip</div>

<div>2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM                                                            ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe</div>

<div>2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A (                                   ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe</div>

<div>2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip</div>

<div>2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip</div>

<div>2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf</div>

<div>2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll</div>

<div>2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</div>

<div> </div>

<div>==================== Known DLLs (Whitelisted) =================</div>

<div> </div>

<div> </div>

<div>==================== Bamital & volsnap Check =================</div>

<div> </div>

<div>C:\Windows\System32\winlogon.exe => MD5 is legit</div>

<div>C:\Windows\System32\wininit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</div>

<div>C:\Windows\explorer.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</div>

<div>C:\Windows\System32\svchost.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</div>

<div>C:\Windows\System32\services.exe => MD5 is legit</div>

<div>C:\Windows\System32\User32.dll => MD5 is legit</div>

<div>C:\Windows\SysWOW64\User32.dll => MD5 is legit</div>

<div>C:\Windows\System32\userinit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</div>

<div>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</div>

<div> </div>

<div>TDL4: custom:26000022 <===== ATTENTION!</div>

<div> </div>

<div>==================== EXE ASSOCIATION =====================</div>

<div> </div>

<div>HKLM\...\.exe: exefile => OK</div>

<div>HKLM\...\exefile\DefaultIcon: %1 => OK</div>

<div>HKLM\...\exefile\open\command: "%1" %* => OK</div>

<div> </div>

<div>==================== Restore Points  =========================</div>

<div> </div>

<div>Restore point made on: 2012-10-21 21:07:42</div>

<div>Restore point made on: 2012-10-26 15:44:18</div>

<div>Restore point made on: 2012-10-26 20:16:02</div>

<div>Restore point made on: 2012-10-26 20:45:39</div>

<div> </div>

<div>==================== Memory info =========================== </div>

<div> </div>

<div>Percentage of memory in use: 11%</div>

<div>Total physical RAM: 8151.08 MB</div>

<div>Available physical RAM: 7173.25 MB</div>

<div>Total Pagefile: 8149.23 MB</div>

<div>Available Pagefile: 7166.5 MB</div>

<div>Total Virtual: 8192 MB</div>

<div>Available Virtual: 8191.91 MB</div>

<div> </div>

<div>==================== Partitions =============================</div>

<div> </div>

<div>1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS</div>

<div>2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]</div>

<div>4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32</div>

<div>9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS</div>

<div>10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]</div>

<div>ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.</div>

<div> </div>

<div>  Disk ###  Status         Size     Free     Dyn  Gpt</div>

<div>  --------  -------------  -------  -------  ---  ---</div>

<div>  Disk 0    Online          931 GB      0 B         </div>

<div>  Disk 1    Online         3864 MB      0 B         </div>

<div>  Disk 2    No Media           0 B      0 B         </div>

<div>  Disk 3    No Media           0 B      0 B         </div>

<div>  Disk 4    No Media           0 B      0 B         </div>

<div>  Disk 5    No Media           0 B      0 B         </div>

<div> </div>

<div>Partitions of Disk 0:</div>

<div>===============</div>

<div> </div>

<div>  Partition ###  Type              Size     Offset</div>

<div>  -------------  ----------------  -------  -------</div>

<div>  Partition 1    Primary            100 MB  1024 KB</div>

<div>  Partition 2    Primary            920 GB   101 MB</div>

<div>  Partition 3    Primary             11 GB   920 GB</div>

<div> </div>

<div>==================================================================================</div>

<div> </div>

<div>Disk: 0</div>

<div>Partition 1</div>

<div>Type  : 07</div>

<div>Hidden: No</div>

<div>Active: Yes</div>

<div> </div>

<div>  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info</div>

<div>  ----------  ---  -----------  -----  ----------  -------  ---------  --------</div>

<div>* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy            </div>

<div> </div>

<div>=========================================================</div>

<div> </div>

<div>Disk: 0</div>

<div>Partition 2</div>

<div>Type  : 07</div>

<div>Hidden: No</div>

<div>Active: No</div>

<div> </div>

<div>  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info</div>

<div>  ----------  ---  -----------  -----  ----------  -------  ---------  --------</div>

<div>* Volume 2     C   HP           NTFS   Partition    920 GB  Healthy            </div>

<div> </div>

<div>=========================================================</div>

<div> </div>

<div>Disk: 0</div>

<div>Partition 3</div>

<div>Type  : 07</div>

<div>Hidden: No</div>

<div>Active: No</div>

<div> </div>

<div>  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info</div>

<div>  ----------  ---  -----------  -----  ----------  -------  ---------  --------</div>

<div>* Volume 3     E   FACTORY_IMA  NTFS   Partition     11 GB  Healthy            </div>

<div> </div>

<div>=========================================================</div>

<div> </div>

<div>Partitions of Disk 1:</div>

<div>===============</div>

<div> </div>

<div>  Partition ###  Type              Size     Offset</div>

<div>  -------------  ----------------  -------  -------</div>

<div>  Partition 1    Primary           3863 MB    31 KB</div>

<div> </div>

<div>==================================================================================</div>

<div> </div>

<div>Disk: 1</div>

<div>Partition 1</div>

<div>Type  : 0B</div>

<div>Hidden: No</div>

<div>Active: Yes</div>

<div> </div>

<div>  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info</div>

<div>  ----------  ---  -----------  -----  ----------  -------  ---------  --------</div>

<div>* Volume 4     G   WDO_MEDIA64  FAT32  Removable   3863 MB  Healthy            </div>

<div> </div>

<div>=========================================================</div>

<div> </div>

<div>Last Boot: 2012-11-02 19:18</div>

<div> </div>

<div>==================== End Of Log =============================</div>


<p>HTML thing again...</p>


<div>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)</div>

<div>Ran by SYSTEM at 06-11-2012 11:02:18</div>

<div>Running from G:\</div>

<div>Windows 7 Home Premium   (X64) OS Language: English(US) </div>

<div>The current controlset is ControlSet001</div>

<div> </div>

<div>==================== Registry (Whitelisted) ===================</div>

<div> </div>

<div>HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)</div>

<div>HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)</div>

<div>HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)</div>

<div>HKLM\...\Run: []  [x]</div>

<div>HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)</div>

<div>HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)</div>

<div>HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]</div>

<div>HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)</div>

<div>HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)</div>

<div>HKLM-x32\...\Run: []  [x]</div>

<div>HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)</div>

<div>HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)</div>

<div>HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)</div>

<div>HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)</div>

<div>HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)</div>

<div>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)</div>

<div>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)</div>

<div>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)</div>

<div>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)</div>

<div>HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)</div>

<div>HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)</div>

<div>HKU\Cassovel\...\Run: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)</div>

<div>HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)</div>

<div>HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)</div>

<div>HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)</div>

<div>HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)</div>

<div>HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)</div>

<div>HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)</div>

<div>HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)</div>

<div>HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)</div>

<div>HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]</div>

<div>HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)</div>

<div>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1</div>

<div>Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk</div>

<div>ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)</div>

<div>Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk</div>

<div>ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)</div>

<div>Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk</div>

<div>ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)</div>

<div> </div>

<div>==================== Services (Whitelisted) ===================</div>

<div> </div>

<div>2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)</div>

<div>4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()</div>

<div>2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)</div>

<div>2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)</div>

<div>3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)</div>

<div> </div>

<div>==================== Drivers (Whitelisted) =====================</div>

<div> </div>

<div>1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)</div>

<div>1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)</div>

<div>3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)</div>

<div>3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)</div>

<div>1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)</div>

<div>3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)</div>

<div>1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)</div>

<div>3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()</div>

<div>3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()</div>

<div>0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)</div>

<div>2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)</div>

<div>1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)</div>

<div>1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)</div>

<div>2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)</div>

<div>0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)</div>

<div>0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)</div>

<div>3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)</div>

<div>1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)</div>

<div>1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)</div>

<div>2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)</div>

<div>3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]</div>

<div>3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS [x]</div>

<div> </div>

<div>==================== NetSvcs (Whitelisted) ====================</div>

<div> </div>

<div> </div>

<div>==================== One Month Created Files and Folders ========</div>

<div> </div>

<div>2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware</div>

<div>2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt</div>

<div>2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt</div>

<div>2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine</div>

<div>2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt</div>

<div>2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt</div>

<div>2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage</div>

<div>2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files</div>

<div>2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm</div>

<div>2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes</div>

<div>2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div>

<div>2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes</div>

<div>2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun</div>

<div>2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp</div>

<div>2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp</div>

<div>2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific</div>

<div>2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec</div>

<div>2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp</div>

<div>2012-10-18 16:39 - 2012-10-18 16:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump</div>

<div>2012-10-18 16:01 - 2012-10-18 16:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log</div>

<div>2012-10-18 16:00 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys</div>

<div>2012-10-18 16:00 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys</div>

<div>2012-10-10 10:02 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</div>

<div>2012-10-10 10:02 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe</div>

<div>2012-10-10 10:02 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</div>

<div>2012-10-10 10:02 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll</div>

<div>2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</div>

<div>2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll</div>

<div>2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll</div>

<div>2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll</div>

<div>2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll</div>

<div>2012-10-10 10:01 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll</div>

<div> </div>

<div> </div>

<div>==================== 3 Months Modified Files ==================</div>

<div> </div>

<div>2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt</div>

<div>2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt</div>

<div>2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt</div>

<div>2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt</div>

<div>2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm</div>

<div>2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp</div>

<div>2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log</div>

<div>2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div>

<div>2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log</div>

<div>2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP</div>

<div>2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log</div>

<div>2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp</div>

<div>2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job</div>

<div>2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div>

<div>2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div>

<div>2012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI</div>

<div>2012-10-21 20:58 - 2010-08-16 17:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp</div>

<div>2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job</div>

<div>2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job</div>

<div>2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</div>

<div>2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job</div>

<div>2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</div>

<div>2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk</div>

<div>2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</div>

<div>2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</div>

<div>2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif</div>

<div>2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job</div>

<div>2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log</div>

<div>2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db</div>

<div>2012-09-26 03:57 - 2011-03-18 01:06 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe</div>

<div>2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe</div>

<div>2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys</div>

<div>2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys</div>

<div>2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi</div>

<div>2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll</div>

<div>2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</div>

<div>2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</div>

<div>2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys</div>

<div>2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys</div>

<div>2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe</div>

<div>2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</div>

<div>2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.23</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.24</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.25</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.21</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.20</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.19</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.11</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.16</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.18</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.17</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.9</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.15</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.13</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.6</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.14</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.10</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.7</div>

<div>2012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.8</div>

<div>2012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.5</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.4</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.0</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.3</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.1</div>

<div>2012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.2</div>

<div>2012-08-27 02:06 - 2012-08-27 02:06 - 01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe</div>

<div>2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk</div>

<div>2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk</div>

<div>2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk</div>

<div>2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk</div>

<div>2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll</div>

<div>2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll</div>

<div>2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</div>

<div>2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</div>

<div>2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</div>

<div>2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</div>

<div>2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</div>

<div>2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl</div>

<div>2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll</div>

<div>2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</div>

<div>2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</div>

<div>2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe</div>

<div>2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll</div>

<div>2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</div>

<div>2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</div>

<div>2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll</div>

<div>2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</div>

<div>2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</div>

<div>2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp</div>

<div>2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</div>

<div>2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</div>

<div>2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</div>

<div>2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</div>

<div>2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</div>

<div>2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</div>

<div>2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</div>

<div>2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</div>

<div>2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</div>

<div>2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</div>

<div>2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</div>

<div>2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</div>

<div>2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</div>

<div>2012-08-23 22:44 - 2012-09-23 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</div>

<div>2012-08-23 22:43 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</div>

<div>2012-08-23 22:40 - 2012-09-23 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</div>

<div>2012-08-23 05:18 - 2009-07-13 20:45 - 00431064 ____A C:\Windows\System32\FNTCACHE.DAT</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys</div>

<div>2012-08-22 10:12 - 2012-09-15 15:51 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS</div>

<div>2012-08-21 13:01 - 2012-09-25 13:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe</div>

<div>2012-08-20 23:06 - 2010-11-17 20:35 - 00116896 ____A C:\Users\Cassovel\AppData\Local\GDIPFONTCACHEV1.DAT</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll</div>

<div>2012-08-20 10:48 - 2012-10-10 10:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll</div>

<div>2012-08-20 10:46 - 2012-10-10 10:02 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-08-20 09:40 - 2012-10-10 10:02 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div>

<div>2012-08-20 09:38 - 2012-10-10 10:02 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div>

<div>2012-08-20 09:37 - 2012-10-10 10:02 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</div>

<div>2012-08-20 09:37 - 2012-10-10 10:02 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</div>

<div>2012-08-20 09:37 - 2012-10-10 10:02 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</div>

<div>2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</div>

<div>2012-08-20 07:38 - 2012-10-10 10:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div>

<div>2012-08-20 07:38 - 2012-10-10 10:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</div>

<div>2012-08-20 07:33 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</div>

<div>2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk</div>

<div>2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip</div>

<div>2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM                                                            ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe</div>

<div>2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A (                                   ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe</div>

<div>2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip</div>

<div>2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip</div>

<div>2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf</div>

<div>2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll</div>

<div>2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</div>

<div> </div>

<div>==================== Known DLLs (Whitelisted) =================</div>

<div> </div>

<div> </div>

<div>==================== Bamital & volsnap Check =================</div>

<div> </div>

<div>C:\Windows\System32\winlogon.exe => MD5 is legit</div>

<div>C:\Windows\System32\wininit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</div>

<div>C:\Windows\explorer.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</div>

<div>C:\Windows\System32\svchost.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</div>

<div>C:\Windows\System32\services.exe => MD5 is legit</div>

<div>C:\Windows\System32\User32.dll => MD5 is legit</div>

<div>C:\Windows\SysWOW64\User32.dll => MD5 is legit</div>

<div>C:\Windows\System32\userinit.exe => MD5 is legit</div>

<div>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</div>

<div>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</div>

<div> </div>

<div>TDL4: custom:26000022 <===== ATTENTION!</div>

<div> </div>

<div>==================== EXE ASSOCIATION =====================</div>

<div> </div>

<div>HKLM\...\.exe: exefile => OK</div>

<div>HKLM\...\exefile\DefaultIcon: %1 => OK</div>

<div>HKLM\...\exefile\open\command: "%1" %* => OK</div>

<div> </div>

<div>==================== Restore Points  =========================</div>

<div> </div>

<div>Restore point made on: 2012-10-21 21:07:42</div>

<div>Restore point made on: 2012-10-26 15:44:18</div>

<div>Restore point made on: 2012-10-26 20:16:02</div>

<div>Restore point made on: 2012-10-26 20:45:39</div>

<div> </div>

<div>==================== Memory info =========================== </div>

<div> </div>

<div>Percentage of memory in use: 11%</div>

<div>Total physical RAM: 8151.08 MB</div>

<div>Available physical RAM: 7173.25 MB</div>

<div>Total Pagefile: 8149.23 MB</div>

<div>Available Pagefile: 7166.5 MB</div>

<div>Total Virtual: 8192 MB</div>

<div>Available Virtual: 8191.91 MB</div>

<div> </div>

<div>==================== Partitions =============================</div>

<div> </div>

<div>1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS</div>

<div>2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]</div>

<div>4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32</div>

<div>9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS</div>

<div>10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]</div>

<div>ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.</div>

<div> </div>

  Disk ###  Status         Size     Free     Dyn  Gpt

  --------  -------------  -------  -------  ---  ---

  Disk 0    Online          931 GB      0 B

  Disk 1    Online         3864 MB      0 B

  Disk 2    No Media           0 B      0 B

  Disk 3    No Media           0 B      0 B

  Disk 4    No Media           0 B      0 B

  Disk 5    No Media           0 B      0 B

Partitions of Disk 0:

===============

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary            100 MB  1024 KB

  Partition 2    Primary            920 GB   101 MB

  Partition 3    Primary             11 GB   920 GB

==================================================================================

Disk: 0

Partition 1

Type  : 07

Hidden: No

Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0

Partition 2

Type  : 07

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 2     C   HP           NTFS   Partition    920 GB  Healthy

=========================================================

Disk: 0

Partition 3

Type  : 07

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3     E   FACTORY_IMA  NTFS   Partition     11 GB  Healthy

=========================================================

Partitions of Disk 1:

===============

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary           3863 MB    31 KB

==================================================================================

Disk: 1

Partition 1

Type  : 0B

Hidden: No

Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 4     G   WDO_MEDIA64  FAT32  Removable   3863 MB  Healthy

=========================================================

Last Boot: 2012-11-02 19:18

==================== End Of Log =============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 7 days old)

Ran by SYSTEM at 06-11-2012 11:02:18

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)

HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [197272 2012-06-21] (ActivIdentity)

HKLM\...\Run: [] [x]

HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [491160 2012-06-21] (ActivIdentity)

HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [x]

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-01] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)

HKU\Cassovel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)

HKU\Cassovel\...\Run: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-05] (Google Inc.)

HKU\Cassovel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Cassovel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)

HKU\Cassovel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)

HKU\Cassovel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)

HKU\Cassovel\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)

HKU\Cassovel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-10] (Samsung)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk

ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277656 2012-06-21] (ActivIdentity)

4 D-Link SharePort Helper; "C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe" /service [49152 2011-04-12] ()

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)

1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)

3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-15] (Devguru Co., Ltd)

3 dgderdrv; C:\Windows\SysWow64\Drivers\dgderdrv.sys [20032 2011-03-29] (Devguru Co., Ltd)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121017.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-31] (Microsoft Corporation)

2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-31] (Microsoft Corporation)

1 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)

2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291336 2011-04-12] (silex technology, Inc.)

0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-15] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)

2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\ENG64.SYS [x]

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20121020.007\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-11-04 11:34 - 2012-11-04 11:34 - 00000000 ____D C:\Windows\Microsoft Antimalware

2012-11-03 01:17 - 2012-11-03 01:18 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt

2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt

2012-11-03 01:12 - 2012-11-03 01:13 - 00000000 ____D C:\Users\Cassovel\Desktop\RK_Quarantine

2012-11-03 00:53 - 2012-11-03 00:54 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt

2012-11-03 00:53 - 2012-11-03 00:54 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt

2012-10-29 13:41 - 2012-10-29 13:41 - 00000000 ____D C:\Users\All Users\Windows Genuine Advantage

2012-10-28 23:43 - 2012-11-03 09:45 - 00000000 ____D C:\Users\Cassovel\Desktop\Entry.aspx_files

2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm

2012-10-26 20:52 - 2012-10-26 20:52 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Malwarebytes

2012-10-26 20:51 - 2012-11-03 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-26 20:51 - 2012-10-26 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-10-26 20:19 - 2012-10-26 20:19 - 00000000 ____D C:\Windows\Sun

2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp

2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp

2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Roaming\Tific

2012-10-22 04:25 - 2012-10-22 04:25 - 00000000 ____D C:\Users\Cassovel\AppData\Local\Symantec

2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp

2012-10-18 16:39 - 2012-10-18 16:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2012-10-18 16:01 - 2012-10-18 16:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log

2012-10-18 16:00 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-10-18 16:00 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-10-10 10:02 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-10-10 10:02 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-10-10 10:02 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-10-10 10:02 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-10-10 10:02 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-10-10 10:02 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-10-10 10:02 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-10-10 10:02 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-10-10 10:02 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-10-10 10:02 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-10-10 10:02 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-10-10 10:02 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-10-10 10:02 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-10-10 10:02 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-10 10:02 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-10-10 10:01 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-10-10 10:01 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-10-10 10:01 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-10-10 10:01 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-10-10 10:01 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-10-10 10:01 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2012-10-10 10:01 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-10-10 10:01 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-10-10 10:01 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-10-10 10:01 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-10-10 10:01 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-10-10 10:01 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

==================== 3 Months Modified Files ==================

2012-11-03 01:18 - 2012-11-03 01:17 - 00002951 ____A C:\Users\Cassovel\Desktop\Result.txt

2012-11-03 01:13 - 2012-11-03 01:13 - 00003043 ____A C:\Users\Cassovel\Desktop\RKreport[1].txt

2012-11-03 00:54 - 2012-11-03 00:53 - 00031950 ____A C:\Users\Cassovel\Desktop\dds.txt

2012-11-03 00:54 - 2012-11-03 00:53 - 00019199 ____A C:\Users\Cassovel\Desktop\attach.txt

2012-10-28 23:43 - 2012-10-28 23:43 - 00090790 ____A C:\Users\Cassovel\Desktop\Entry.aspx.htm

2012-10-26 20:15 - 2012-10-26 20:15 - 00275336 ____A C:\Windows\Minidump\102612-36987-01.dmp

2012-10-26 20:15 - 2010-06-24 09:29 - 01311227 ____A C:\Windows\WindowsUpdate.log

2012-10-26 20:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-26 20:15 - 2009-07-13 20:51 - 00065163 ____A C:\Windows\setupact.log

2012-10-26 20:14 - 2011-07-17 23:17 - 594894212 ____A C:\Windows\MEMORY.DMP

2012-10-26 20:14 - 2010-08-17 05:22 - 00126562 ____A C:\Windows\PFRO.log

2012-10-26 19:49 - 2012-10-26 19:49 - 00275336 ____A C:\Windows\Minidump\102612-39234-01.dmp

2012-10-26 19:49 - 2010-08-16 17:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-10-21 21:05 - 2011-08-26 10:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001UA.job

2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-21 21:01 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-21 21:00 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-21 20:58 - 2010-08-16 17:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-10-21 20:53 - 2012-10-21 20:53 - 01115152 ____A C:\Windows\Minidump\102112-45957-01.dmp

2012-10-18 16:27 - 2012-08-20 01:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForCassovel.job

2012-10-18 15:30 - 2011-08-26 10:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-411804229-1992954851-3435353238-1001Core.job

2012-10-18 15:26 - 2012-04-29 11:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-10-12 21:06 - 2010-11-13 22:10 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Cassovel.job

2012-10-11 05:06 - 2010-08-21 14:09 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-10-11 05:05 - 2011-04-11 09:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-10-08 17:26 - 2012-04-29 11:51 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-10-08 17:26 - 2011-05-23 17:26 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-10-03 05:01 - 2011-05-22 19:38 - 00001945 ____A C:\Windows\epplauncher.mif

2012-10-02 16:54 - 2010-08-15 15:32 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job

2012-10-02 15:49 - 2010-11-07 15:29 - 00023541 ____A C:\Windows\System32\lvcoinst.log

2012-09-27 12:29 - 2011-05-21 10:23 - 00174080 __ASH C:\Users\Cassovel\Desktop\Thumbs.db

2012-09-26 03:57 - 2011-03-18 01:06 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe

2012-09-26 03:57 - 2011-03-18 01:06 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe

2012-09-19 20:35 - 2012-10-18 16:00 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-09-19 20:35 - 2012-10-18 16:00 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-09-18 12:47 - 2012-09-18 11:38 - 941387776 ____A C:\Users\Cassovel\Desktop\Food.Inc.XviD.AC3.MVGroup.org.avi

2012-09-14 11:19 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-09-14 10:28 - 2012-10-10 10:01 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-08-31 10:19 - 2012-10-10 10:02 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-08-31 00:03 - 2012-08-31 00:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys

2012-08-31 00:03 - 2010-10-24 23:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

2012-08-30 10:03 - 2012-10-10 10:02 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-08-30 09:12 - 2012-10-10 10:02 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-08-30 09:12 - 2012-10-10 10:02 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.23

2012-08-27 02:11 - 2012-08-27 02:11 - 00033923 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.22

2012-08-27 02:11 - 2012-08-27 02:11 - 00033922 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.24

2012-08-27 02:11 - 2012-08-27 02:11 - 00033916 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.25

2012-08-27 02:11 - 2012-08-27 02:11 - 00033824 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.21

2012-08-27 02:11 - 2012-08-27 02:11 - 00033815 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.20

2012-08-27 02:11 - 2012-08-27 02:11 - 00033776 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.19

2012-08-27 02:11 - 2012-08-27 02:11 - 00033774 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.11

2012-08-27 02:11 - 2012-08-27 02:11 - 00033769 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.16

2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.18

2012-08-27 02:11 - 2012-08-27 02:11 - 00033765 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.17

2012-08-27 02:11 - 2012-08-27 02:11 - 00033762 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.12

2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.9

2012-08-27 02:11 - 2012-08-27 02:11 - 00033752 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.15

2012-08-27 02:11 - 2012-08-27 02:11 - 00033749 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.13

2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.6

2012-08-27 02:11 - 2012-08-27 02:11 - 00033741 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.14

2012-08-27 02:11 - 2012-08-27 02:11 - 00033736 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.10

2012-08-27 02:11 - 2012-08-27 02:11 - 00033726 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.7

2012-08-27 02:11 - 2012-08-27 02:11 - 00033724 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.8

2012-08-27 02:10 - 2012-08-27 02:11 - 00033837 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.5

2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.4

2012-08-27 02:10 - 2012-08-27 02:10 - 00053472 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.0

2012-08-27 02:10 - 2012-08-27 02:10 - 00034034 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.3

2012-08-27 02:10 - 2012-08-27 02:10 - 00033387 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.1

2012-08-27 02:10 - 2012-08-27 02:10 - 00033106 ____A C:\Users\Cassovel\AppData\Local\tmpBURGER PIC.2

2012-08-27 02:06 - 2012-08-27 02:06 - 01001264 ____A (Solid State Networks) C:\Users\Cassovel\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe

2012-08-27 02:05 - 2012-08-27 02:05 - 00001705 ____A C:\Users\Cassovel\Desktop\Google Drive.lnk

2012-08-27 00:45 - 2012-08-27 00:45 - 00001915 ____A C:\Users\Public\Desktop\Samsung Kies.lnk

2012-08-27 00:15 - 2011-04-25 14:26 - 00001136 ____A C:\Users\Public\Desktop\Samsung Kies mini.lnk

2012-08-25 14:56 - 2012-01-25 06:38 - 00001976 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-08-24 10:05 - 2012-10-10 10:01 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-08-24 08:57 - 2012-10-10 10:01 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-08-24 03:15 - 2012-09-23 05:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-24 02:39 - 2012-09-23 05:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-24 02:31 - 2012-09-23 05:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-24 02:22 - 2012-09-23 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-24 02:21 - 2012-09-23 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-24 02:20 - 2012-09-23 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-24 02:18 - 2012-09-23 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-24 02:17 - 2012-09-23 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-24 02:14 - 2012-09-23 05:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-24 02:14 - 2012-09-23 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-24 02:13 - 2012-09-23 05:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-24 02:12 - 2012-09-23 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-24 02:11 - 2012-09-23 05:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-24 02:10 - 2012-09-23 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-24 02:09 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-24 02:04 - 2012-09-23 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-24 00:09 - 2012-08-24 00:08 - 00265600 ____A C:\Windows\Minidump\082312-123412-01.dmp

2012-08-23 23:27 - 2012-09-23 05:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-23 23:03 - 2012-09-23 05:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-23 22:59 - 2012-09-23 05:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-23 22:51 - 2012-09-23 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-23 22:51 - 2012-09-23 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-23 22:51 - 2012-09-23 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-23 22:49 - 2012-09-23 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-23 22:48 - 2012-09-23 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-23 22:47 - 2012-09-23 05:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-23 22:47 - 2012-09-23 05:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-08-23 22:47 - 2012-09-23 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-23 22:45 - 2012-09-23 05:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-08-23 22:44 - 2012-09-23 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-23 22:44 - 2012-09-23 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-23 22:43 - 2012-09-23 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-23 22:40 - 2012-09-23 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-23 05:18 - 2009-07-13 20:45 - 00431064 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-22 10:12 - 2012-09-15 15:51 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-15 15:51 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-15 15:51 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-15 15:51 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 13:01 - 2012-09-25 13:40 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-08-20 23:06 - 2010-11-17 20:35 - 00116896 ____A C:\Users\Cassovel\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-20 10:48 - 2012-10-10 10:02 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-08-20 10:48 - 2012-10-10 10:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-08-20 10:46 - 2012-10-10 10:02 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-08-20 10:38 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 10:38 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 09:40 - 2012-10-10 10:02 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-08-20 09:38 - 2012-10-10 10:02 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-08-20 09:37 - 2012-10-10 10:02 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-08-20 09:37 - 2012-10-10 10:02 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-08-20 09:37 - 2012-10-10 10:02 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 09:32 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-08-20 07:38 - 2012-10-10 10:02 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-08-20 07:38 - 2012-10-10 10:02 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-08-20 07:33 - 2012-10-10 10:02 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 10:02 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 10:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 07:33 - 2012-10-10 10:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-08-20 03:37 - 2012-08-20 03:37 - 00001859 ____A C:\Users\Cassovel\Desktop\Install ApproveIt Desktop.lnk

2012-08-20 02:47 - 2012-08-20 02:44 - 40046905 ____A C:\Users\Cassovel\Documents\AC62_AFR_Home_Use.zip

2012-08-20 02:04 - 2012-08-20 01:59 - 71935640 ____A (IBM ) C:\Users\Cassovel\Documents\Viewer_DSig_3.5.1.333.exe

2012-08-20 01:57 - 2012-08-20 01:55 - 27386256 ____A ( ) C:\Users\Cassovel\Documents\AdbeRdr930_en_US.exe

2012-08-19 22:01 - 2012-08-19 21:58 - 32886524 ____A C:\Users\Cassovel\Downloads\ActivClient62.zip

2012-08-19 21:56 - 2012-08-19 21:56 - 00138403 ____A C:\Users\Cassovel\Downloads\InstallRoot_v3.15A.zip

2012-08-19 21:55 - 2012-08-19 21:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf

2012-08-10 16:56 - 2012-10-10 10:01 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-08-10 15:56 - 2012-10-10 10:01 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-21 21:07:42

Restore point made on: 2012-10-26 15:44:18

Restore point made on: 2012-10-26 20:16:02

Restore point made on: 2012-10-26 20:45:39

==================== Memory info ===========================

Percentage of memory in use: 11%

Total physical RAM: 8151.08 MB

Available physical RAM: 7173.25 MB

Total Pagefile: 8149.23 MB

Available Pagefile: 7166.5 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:920.36 GB) (Free:778.93 GB) NTFS

2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.06 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32

9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS

10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 3864 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 920 GB 101 MB

Partition 3 Primary 11 GB 920 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C HP NTFS Partition 920 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3863 MB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G WDO_MEDIA64 FAT32 Removable 3863 MB Healthy

=========================================================

Last Boot: 2012-11-02 19:18

==================== End Of Log =============================


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start

TDL4: custom:26000022 <===== ATTENTION!

end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once, and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012

Ran by SYSTEM at 2012-11-06 19:22:13 Run:2

Running from G:\

==============================================

The operation completed successfully.

The operation completed successfully.

==== End of Fixlog ====

Also, the computer turned on and no blue screen... awesome :) What next lol


DDS (Ver_2012-11-05.02) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2

Run by Cassovel at 23:36:52 on 2012-11-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5758 [GMT -10:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Cassovel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B}\36163737F66756C6 : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe

x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"

x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Cassovel\AppData\Roaming\Mozilla\Firefox\Profiles\ruvvtxuz.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80001&language=en&qkw=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Cassovel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Cassovel\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Users\Cassovel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Cassovel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-21 16:51; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-07-22 17:01; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1402000.013\SymDS64.sys [2012-11-6 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1402000.013\SymEFA64.sys [2012-11-6 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-24 1385632]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1402000.013\ccSetx64.sys [2012-11-6 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20121106.002\IDSviA64.sys [2012-11-6 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1402000.013\Ironx64.sys [2012-11-6 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1402000.013\symnets.sys [2012-11-6 432800]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:30:21];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-19 146928]

R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2012-6-20 277656]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-8 203776]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [2012-11-6 143928]

R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2009-7-3 291336]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-19 56344]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-19 763904]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 239616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-18 102368]

S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-9-14 20552]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-23 138912]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-7-27 271712]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-18 203104]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-10-7 16392]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

S4 D-Link SharePort Helper;D-Link SharePort Helper;C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [2011-4-12 49152]

S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-07 09:27:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-07 07:55:39 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-11-07 07:55:27 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-07 07:36:07 776864 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\srtsp64.sys

2012-11-07 07:36:07 493216 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\SymDS64.sys

2012-11-07 07:36:07 432800 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\symnets.sys

2012-11-07 07:36:07 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\srtspx64.sys

2012-11-07 07:36:07 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\SymELAM.sys

2012-11-07 07:36:07 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\Ironx64.sys

2012-11-07 07:36:07 168096 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\ccSetx64.sys

2012-11-07 07:36:07 1133216 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\SymEFA64.sys

2012-11-07 07:35:57 -------- d-----w- C:\Windows\System32\drivers\NISx64\1402000.013

2012-11-04 23:45:27 -------- d-----w- C:\FRST

2012-11-04 19:34:41 -------- d-----w- C:\Windows\Microsoft Antimalware

2012-10-27 04:52:01 -------- d-----w- C:\Users\Cassovel\AppData\Roaming\Malwarebytes

2012-10-27 04:51:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-27 04:51:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-22 12:25:24 -------- d-----w- C:\Users\Cassovel\AppData\Roaming\Tific

2012-10-22 12:25:23 -------- d-----w- C:\Users\Cassovel\AppData\Local\Symantec

2012-10-19 00:00:23 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-10-19 00:00:23 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-10-10 18:01:53 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-10 18:01:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-10 18:01:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 18:01:45 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 18:01:28 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 18:01:28 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 18:01:23 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 18:01:23 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 18:01:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 18:01:22 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 18:01:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 18:01:21 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-11-07 07:55:13 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-11-07 07:36:47 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-10-09 01:26:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 01:26:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-26 11:57:14 24576 ----a-w- C:\Windows\SysWow64\MASetupCleaner.exe

2012-09-26 11:57:14 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 23:37:21.56 ===============


Good!

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.08.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Cassovel :: CASSOVEL-PC [administrator]

Protection: Disabled

11/8/2012 1:05:42 PM

mbam-log-2012-11-08 (13-05-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209774

Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Following the original post that requested the TDSSKiller log, it will be in multiple posts because of the size:

07:57:52.0989 0404 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

07:57:53.0446 0404 ============================================================

07:57:53.0446 0404 Current date / time: 2012/11/09 07:57:53.0446

07:57:53.0446 0404 SystemInfo:

07:57:53.0446 0404

07:57:53.0446 0404 OS Version: 6.1.7601 ServicePack: 1.0

07:57:53.0446 0404 Product type: Workstation

07:57:53.0446 0404 ComputerName: CASSOVEL-PC

07:57:53.0446 0404 UserName: Cassovel

07:57:53.0446 0404 Windows directory: C:\Windows

07:57:53.0446 0404 System windows directory: C:\Windows

07:57:53.0447 0404 Running under WOW64

07:57:53.0447 0404 Processor architecture: Intel x64

07:57:53.0447 0404 Number of processors: 8

07:57:53.0447 0404 Page size: 0x1000

07:57:53.0447 0404 Boot type: Normal boot

07:57:53.0447 0404 ============================================================

07:57:53.0900 0404 BG loaded

07:57:54.0334 0404 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:57:54.0368 0404 ============================================================

07:57:54.0368 0404 \Device\Harddisk0\DR0:

07:57:54.0368 0404 MBR partitions:

07:57:54.0368 0404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

07:57:54.0368 0404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x730B6800

07:57:54.0368 0404 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x730E9000, BlocksNum 0x161D000

07:57:54.0368 0404 ============================================================

07:57:54.0454 0404 C: <-> \Device\Harddisk0\DR0\Partition2

07:57:54.0566 0404 D: <-> \Device\Harddisk0\DR0\Partition3

07:57:54.0567 0404 ============================================================

07:57:54.0567 0404 Initialize success

07:57:54.0567 0404 ============================================================

07:58:09.0286 3688 ============================================================

07:58:09.0286 3688 Scan started

07:58:09.0286 3688 Mode: Manual; SigCheck; TDLFS;

07:58:09.0286 3688 ============================================================

07:58:10.0180 3688 ================ Scan system memory ========================

07:58:10.0180 3688 System memory - ok

07:58:10.0181 3688 ================ Scan services =============================

07:58:10.0444 3688 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

07:58:10.0553 3688 1394ohci - ok

07:58:10.0660 3688 [ 9A9BFE6E4BF48E3F2F6313F42D491C90 ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

07:58:10.0701 3688 ac.sharedstore - ok

07:58:10.0733 3688 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

07:58:10.0777 3688 ACPI - ok

07:58:10.0826 3688 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

07:58:10.0870 3688 AcpiPmi - ok

07:58:11.0006 3688 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

07:58:11.0044 3688 AdobeFlashPlayerUpdateSvc - ok

07:58:11.0090 3688 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

07:58:11.0139 3688 adp94xx - ok

07:58:11.0186 3688 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

07:58:11.0230 3688 adpahci - ok

07:58:11.0264 3688 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

07:58:11.0305 3688 adpu320 - ok

07:58:11.0331 3688 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

07:58:11.0412 3688 AeLookupSvc - ok

07:58:11.0461 3688 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

07:58:11.0509 3688 AFD - ok

07:58:11.0545 3688 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

07:58:11.0583 3688 agp440 - ok

07:58:11.0599 3688 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

07:58:11.0640 3688 ALG - ok

07:58:11.0682 3688 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

07:58:11.0719 3688 aliide - ok

07:58:11.0760 3688 [ 998021E7C3DE3E97E441ABACE498FFB6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

07:58:11.0802 3688 AMD External Events Utility - ok

07:58:11.0818 3688 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

07:58:11.0855 3688 amdide - ok

07:58:11.0875 3688 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

07:58:11.0915 3688 AmdK8 - ok

07:58:12.0104 3688 [ 250D5B746FFF9B7D88591EE60B63B3E4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

07:58:12.0295 3688 amdkmdag - ok

07:58:12.0322 3688 [ 781DAEC0C3E63950CCA53D193582F2E8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

07:58:12.0367 3688 amdkmdap - ok

07:58:12.0387 3688 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

07:58:12.0427 3688 AmdPPM - ok

07:58:12.0462 3688 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

07:58:12.0501 3688 amdsata - ok

07:58:12.0526 3688 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

07:58:12.0566 3688 amdsbs - ok

07:58:12.0583 3688 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

07:58:12.0618 3688 amdxata - ok

07:58:12.0655 3688 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

07:58:12.0732 3688 AppID - ok

07:58:12.0746 3688 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

07:58:12.0823 3688 AppIDSvc - ok

07:58:12.0854 3688 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

07:58:12.0927 3688 Appinfo - ok

07:58:13.0029 3688 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

07:58:13.0060 3688 Apple Mobile Device - ok

07:58:13.0082 3688 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

07:58:13.0119 3688 arc - ok

07:58:13.0129 3688 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

07:58:13.0166 3688 arcsas - ok

07:58:13.0195 3688 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

07:58:13.0271 3688 AsyncMac - ok

07:58:13.0309 3688 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

07:58:13.0346 3688 atapi - ok

07:58:13.0382 3688 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys

07:58:13.0419 3688 AtiHdmiService - ok

07:58:13.0465 3688 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

07:58:13.0556 3688 AudioEndpointBuilder - ok

07:58:13.0570 3688 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

07:58:13.0655 3688 AudioSrv - ok

07:58:13.0697 3688 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

07:58:13.0746 3688 AxInstSV - ok

07:58:13.0774 3688 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

07:58:13.0822 3688 b06bdrv - ok

07:58:13.0850 3688 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

07:58:13.0894 3688 b57nd60a - ok

07:58:13.0947 3688 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

07:58:13.0989 3688 BBSvc - ok

07:58:14.0035 3688 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

07:58:14.0076 3688 BBUpdate - ok

07:58:14.0106 3688 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

07:58:14.0145 3688 BDESVC - ok

07:58:14.0152 3688 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

07:58:14.0231 3688 Beep - ok

07:58:14.0283 3688 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

07:58:14.0372 3688 BFE - ok

07:58:14.0518 3688 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121030.002\BHDrvx64.sys

07:58:14.0591 3688 BHDrvx64 - ok

07:58:14.0618 3688 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

07:58:14.0714 3688 BITS - ok

07:58:14.0731 3688 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

07:58:14.0770 3688 blbdrive - ok

07:58:14.0856 3688 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

07:58:14.0898 3688 Bonjour Service - ok

07:58:14.0937 3688 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

07:58:14.0975 3688 bowser - ok

07:58:14.0991 3688 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

07:58:15.0032 3688 BrFiltLo - ok

07:58:15.0040 3688 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

07:58:15.0081 3688 BrFiltUp - ok

07:58:15.0114 3688 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

07:58:15.0153 3688 Browser - ok

07:58:15.0183 3688 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

07:58:15.0226 3688 Brserid - ok

07:58:15.0241 3688 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

07:58:15.0286 3688 BrSerWdm - ok

07:58:15.0291 3688 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

07:58:15.0334 3688 BrUsbMdm - ok

07:58:15.0339 3688 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

07:58:15.0373 3688 BrUsbSer - ok

07:58:15.0388 3688 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

07:58:15.0430 3688 BTHMODEM - ok

07:58:15.0453 3688 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

07:58:15.0533 3688 bthserv - ok

07:58:15.0589 3688 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys

07:58:15.0624 3688 ccSet_NIS - ok

07:58:15.0655 3688 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

07:58:15.0736 3688 cdfs - ok

07:58:15.0790 3688 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

07:58:15.0832 3688 cdrom - ok

07:58:15.0867 3688 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

07:58:15.0942 3688 CertPropSvc - ok

07:58:15.0966 3688 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

07:58:16.0010 3688 circlass - ok

07:58:16.0030 3688 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

07:58:16.0075 3688 CLFS - ok

07:58:16.0137 3688 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:58:16.0169 3688 clr_optimization_v2.0.50727_32 - ok

07:58:16.0207 3688 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

07:58:16.0242 3688 clr_optimization_v2.0.50727_64 - ok

07:58:16.0311 3688 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:58:16.0346 3688 clr_optimization_v4.0.30319_32 - ok

07:58:16.0377 3688 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

07:58:16.0411 3688 clr_optimization_v4.0.30319_64 - ok

07:58:16.0437 3688 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

07:58:16.0476 3688 CmBatt - ok

07:58:16.0513 3688 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

07:58:16.0551 3688 cmdide - ok

07:58:16.0605 3688 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

07:58:16.0664 3688 CNG - ok

07:58:16.0689 3688 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

07:58:16.0724 3688 Compbatt - ok

07:58:16.0778 3688 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

07:58:16.0822 3688 CompositeBus - ok

07:58:16.0826 3688 COMSysApp - ok

07:58:16.0843 3688 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

07:58:16.0879 3688 crcdisk - ok

07:58:16.0918 3688 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

07:58:16.0987 3688 CryptSvc - ok

07:58:17.0031 3688 [ DE28371013ED2ECCD4FF17F9526B9F27 ] D-Link SharePort Helper C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe

07:58:17.0050 3688 D-Link SharePort Helper ( UnsignedFile.Multi.Generic ) - warning

07:58:17.0050 3688 D-Link SharePort Helper - detected UnsignedFile.Multi.Generic (1)

07:58:17.0105 3688 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

07:58:17.0188 3688 DcomLaunch - ok

07:58:17.0207 3688 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

07:58:17.0287 3688 defragsvc - ok

07:58:17.0318 3688 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

07:58:17.0392 3688 DfsC - ok

07:58:17.0429 3688 [ DEF365F0F6E017888C4B869D3BA4B8E0 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys

07:58:17.0459 3688 dgderdrv - ok

07:58:17.0504 3688 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

07:58:17.0537 3688 dg_ssudbus - ok

07:58:17.0586 3688 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

07:58:17.0663 3688 Dhcp - ok

07:58:17.0685 3688 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

07:58:17.0760 3688 discache - ok

07:58:17.0799 3688 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

07:58:17.0835 3688 Disk - ok

07:58:17.0870 3688 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

07:58:17.0909 3688 Dnscache - ok

07:58:17.0943 3688 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

07:58:18.0025 3688 dot3svc - ok

07:58:18.0066 3688 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

07:58:18.0144 3688 DPS - ok

07:58:18.0168 3688 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

07:58:18.0211 3688 drmkaud - ok

07:58:18.0258 3688 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

07:58:18.0323 3688 DXGKrnl - ok

07:58:18.0344 3688 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

07:58:18.0424 3688 EapHost - ok

07:58:18.0500 3688 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

07:58:18.0608 3688 ebdrv - ok

07:58:18.0650 3688 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

07:58:18.0691 3688 eeCtrl - ok

07:58:18.0726 3688 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

07:58:18.0764 3688 EFS - ok

07:58:18.0828 3688 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

07:58:18.0878 3688 ehRecvr - ok

07:58:18.0898 3688 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

07:58:18.0937 3688 ehSched - ok

07:58:18.0962 3688 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

07:58:19.0011 3688 elxstor - ok

07:58:19.0073 3688 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilDrv11220 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys

07:58:19.0104 3688 EraserUtilDrv11220 - ok

07:58:19.0145 3688 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

07:58:19.0176 3688 EraserUtilRebootDrv - ok

07:58:19.0205 3688 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

07:58:19.0242 3688 ErrDev - ok

07:58:19.0265 3688 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

07:58:19.0346 3688 EventSystem - ok

07:58:19.0372 3688 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

07:58:19.0450 3688 exfat - ok

07:58:19.0458 3688 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

07:58:19.0536 3688 fastfat - ok

07:58:19.0585 3688 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

07:58:19.0636 3688 Fax - ok

07:58:19.0650 3688 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

07:58:19.0688 3688 fdc - ok

07:58:19.0710 3688 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

07:58:19.0785 3688 fdPHost - ok

07:58:19.0793 3688 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

07:58:19.0868 3688 FDResPub - ok

07:58:19.0880 3688 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

07:58:19.0917 3688 FileInfo - ok

07:58:19.0928 3688 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

07:58:20.0004 3688 Filetrace - ok

07:58:20.0013 3688 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

07:58:20.0051 3688 flpydisk - ok

07:58:20.0089 3688 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

07:58:20.0132 3688 FltMgr - ok

07:58:20.0183 3688 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

07:58:20.0245 3688 FontCache - ok

07:58:20.0312 3688 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

07:58:20.0344 3688 FontCache3.0.0.0 - ok

07:58:20.0360 3688 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

07:58:20.0396 3688 FsDepends - ok

07:58:20.0437 3688 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

07:58:20.0466 3688 fssfltr - ok

07:58:20.0553 3688 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

07:58:20.0618 3688 fsssvc - ok

07:58:20.0653 3688 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

07:58:20.0688 3688 Fs_Rec - ok

07:58:20.0735 3688 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

07:58:20.0784 3688 fvevol - ok

07:58:20.0814 3688 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

07:58:20.0852 3688 gagp30kx - ok

07:58:20.0910 3688 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

07:58:20.0944 3688 GamesAppService - ok

07:58:20.0978 3688 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

07:58:21.0010 3688 GEARAspiWDM - ok

07:58:21.0074 3688 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

07:58:21.0169 3688 gpsvc - ok

07:58:21.0244 3688 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

07:58:21.0275 3688 gupdate - ok

07:58:21.0288 3688 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

07:58:21.0319 3688 gupdatem - ok

07:58:21.0340 3688 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

07:58:21.0373 3688 gusvc - ok

07:58:21.0387 3688 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

07:58:21.0426 3688 hcw85cir - ok

07:58:21.0483 3688 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

07:58:21.0528 3688 HDAudBus - ok

07:58:21.0539 3688 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

07:58:21.0572 3688 HECIx64 - ok

07:58:21.0596 3688 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

07:58:21.0635 3688 HidBatt - ok

07:58:21.0651 3688 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

07:58:21.0693 3688 HidBth - ok

07:58:21.0701 3688 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

07:58:21.0744 3688 HidIr - ok

07:58:21.0763 3688 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

07:58:21.0839 3688 hidserv - ok

07:58:21.0873 3688 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys

07:58:21.0910 3688 HidUsb - ok

07:58:21.0939 3688 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

07:58:22.0016 3688 hkmsvc - ok

07:58:22.0049 3688 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

07:58:22.0090 3688 HomeGroupListener - ok

07:58:22.0133 3688 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

07:58:22.0175 3688 HomeGroupProvider - ok

07:58:22.0250 3688 [ BE78357FB49759B79CCC01894BCFDDDB ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

07:58:22.0281 3688 HP Health Check Service - ok

07:58:22.0339 3688 [ 2DFB151FD34DF104DAC0ADF070EDA83C ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

07:58:22.0368 3688 HPDrvMntSvc.exe - ok

07:58:22.0455 3688 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

07:58:22.0478 3688 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

07:58:22.0478 3688 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

07:58:22.0491 3688 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

07:58:22.0515 3688 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

07:58:22.0515 3688 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

07:58:22.0550 3688 [ 184C500CB9F69585F3FE85E1D2667CD8 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

07:58:22.0598 3688 hpqwmiex - ok

07:58:22.0638 3688 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

07:58:22.0676 3688 HpSAMD - ok

07:58:22.0739 3688 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

07:58:22.0783 3688 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

07:58:22.0783 3688 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

07:58:22.0812 3688 [ CF44B25AE808765D7308F412AD492DDB ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys

07:58:22.0835 3688 HTCAND64 ( UnsignedFile.Multi.Generic ) - warning

07:58:22.0835 3688 HTCAND64 - detected UnsignedFile.Multi.Generic (1)

07:58:22.0894 3688 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

07:58:22.0985 3688 HTTP - ok

07:58:23.0018 3688 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

07:58:23.0054 3688 hwpolicy - ok

07:58:23.0098 3688 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

07:58:23.0140 3688 i8042prt - ok

07:58:23.0158 3688 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

07:58:23.0201 3688 iaStor - ok

07:58:23.0239 3688 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

07:58:23.0269 3688 IAStorDataMgrSvc - ok

07:58:23.0311 3688 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

07:58:23.0360 3688 iaStorV - ok

07:58:23.0416 3688 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

07:58:23.0469 3688 idsvc - ok

07:58:23.0525 3688 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20121108.001\IDSvia64.sys

07:58:23.0568 3688 IDSVia64 - ok

07:58:23.0590 3688 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

07:58:23.0626 3688 iirsp - ok

07:58:23.0667 3688 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

07:58:23.0753 3688 IKEEXT - ok

07:58:23.0833 3688 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

07:58:23.0933 3688 IntcAzAudAddService - ok

07:58:23.0950 3688 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

07:58:23.0985 3688 intelide - ok

07:58:24.0006 3688 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

07:58:24.0044 3688 intelppm - ok

07:58:24.0072 3688 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

07:58:24.0149 3688 IPBusEnum - ok

07:58:24.0184 3688 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:58:24.0262 3688 IpFilterDriver - ok

07:58:24.0310 3688 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

07:58:24.0399 3688 iphlpsvc - ok

07:58:24.0428 3688 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

07:58:24.0468 3688 IPMIDRV - ok

07:58:24.0493 3688 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

07:58:24.0573 3688 IPNAT - ok

07:58:24.0634 3688 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

07:58:24.0687 3688 iPod Service - ok

07:58:24.0712 3688 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

07:58:24.0759 3688 IRENUM - ok

07:58:24.0803 3688 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

07:58:24.0840 3688 isapnp - ok

07:58:24.0877 3688 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

07:58:24.0921 3688 iScsiPrt - ok

07:58:24.0947 3688 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

07:58:24.0982 3688 kbdclass - ok

07:58:25.0013 3688 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

07:58:25.0051 3688 kbdhid - ok

07:58:25.0068 3688 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

07:58:25.0105 3688 KeyIso - ok

07:58:25.0138 3688 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

07:58:25.0175 3688 KSecDD - ok

07:58:25.0192 3688 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

07:58:25.0230 3688 KSecPkg - ok

07:58:25.0240 3688 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

07:58:25.0318 3688 ksthunk - ok

07:58:25.0345 3688 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

07:58:25.0427 3688 KtmRm - ok

07:58:25.0468 3688 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

07:58:25.0547 3688 LanmanServer - ok

07:58:25.0574 3688 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

07:58:25.0653 3688 LanmanWorkstation - ok

07:58:25.0693 3688 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

07:58:25.0716 3688 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

07:58:25.0716 3688 LightScribeService - detected UnsignedFile.Multi.Generic (1)

07:58:25.0736 3688 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

07:58:25.0815 3688 lltdio - ok

07:58:25.0834 3688 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

07:58:25.0918 3688 lltdsvc - ok

07:58:25.0944 3688 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

07:58:26.0021 3688 lmhosts - ok

07:58:26.0054 3688 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

07:58:26.0091 3688 LSI_FC - ok

07:58:26.0106 3688 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

07:58:26.0145 3688 LSI_SAS - ok

07:58:26.0159 3688 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

07:58:26.0198 3688 LSI_SAS2 - ok

07:58:26.0215 3688 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

07:58:26.0255 3688 LSI_SCSI - ok

07:58:26.0272 3688 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

07:58:26.0353 3688 luafv - ok

07:58:26.0398 3688 [ C586CC39820B6E7FE3657FED8329D300 ] lvpopf64 C:\Windows\system32\DRIVERS\lvpopf64.sys

07:58:26.0437 3688 lvpopf64 - ok

07:58:26.0441 3688 LVPr2M64 - ok

07:58:26.0485 3688 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

07:58:26.0528 3688 LVRS64 - ok

07:58:26.0648 3688 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

07:58:26.0827 3688 LVUVC64 - ok

07:58:26.0850 3688 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

07:58:26.0891 3688 Mcx2Svc - ok

07:58:26.0913 3688 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

07:58:26.0948 3688 megasas - ok

07:58:26.0979 3688 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

07:58:27.0021 3688 MegaSR - ok

07:58:27.0089 3688 Microsoft SharePoint Workspace Audit Service - ok

07:58:27.0113 3688 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

07:58:27.0193 3688 MMCSS - ok

07:58:27.0217 3688 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

07:58:27.0296 3688 Modem - ok

07:58:27.0322 3688 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

07:58:27.0365 3688 monitor - ok

07:58:27.0404 3688 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

07:58:27.0441 3688 mouclass - ok

07:58:27.0467 3688 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

07:58:27.0506 3688 mouhid - ok

07:58:27.0540 3688 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

07:58:27.0577 3688 mountmgr - ok

07:58:27.0656 3688 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

07:58:27.0688 3688 MozillaMaintenance - ok

07:58:27.0721 3688 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

07:58:27.0760 3688 mpio - ok

07:58:27.0778 3688 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

07:58:27.0858 3688 mpsdrv - ok

07:58:27.0906 3688 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

07:58:28.0002 3688 MpsSvc - ok

07:58:28.0039 3688 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

07:58:28.0087 3688 MRxDAV - ok

07:58:28.0121 3688 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

07:58:28.0160 3688 mrxsmb - ok

07:58:28.0199 3688 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:58:28.0241 3688 mrxsmb10 - ok

07:58:28.0253 3688 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:58:28.0293 3688 mrxsmb20 - ok

07:58:28.0323 3688 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

07:58:28.0360 3688 msahci - ok

07:58:28.0394 3688 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

07:58:28.0434 3688 msdsm - ok

07:58:28.0448 3688 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

07:58:28.0492 3688 MSDTC - ok

07:58:28.0521 3688 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

07:58:28.0597 3688 Msfs - ok

07:58:28.0618 3688 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

07:58:28.0694 3688 mshidkmdf - ok

07:58:28.0737 3688 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

07:58:28.0780 3688 msisadrv - ok

07:58:28.0811 3688 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

07:58:28.0889 3688 MSiSCSI - ok

07:58:28.0894 3688 msiserver - ok

07:58:28.0913 3688 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

07:58:28.0993 3688 MSKSSRV - ok

07:58:29.0000 3688 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

07:58:29.0078 3688 MSPCLOCK - ok

07:58:29.0083 3688 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

07:58:29.0160 3688 MSPQM - ok

07:58:29.0197 3688 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

07:58:29.0244 3688 MsRPC - ok

07:58:29.0262 3688 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

07:58:29.0299 3688 mssmbios - ok

07:58:29.0315 3688 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

07:58:29.0394 3688 MSTEE - ok

07:58:29.0412 3688 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

07:58:29.0451 3688 MTConfig - ok

07:58:29.0465 3688 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

07:58:29.0503 3688 Mup - ok

07:58:29.0545 3688 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

07:58:29.0632 3688 napagent - ok

07:58:29.0662 3688 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

07:58:29.0715 3688 NativeWifiP - ok

07:58:29.0777 3688 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121108.008\ENG64.SYS

07:58:29.0810 3688 NAVENG - ok

07:58:29.0866 3688 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121108.008\EX64.SYS

07:58:29.0949 3688 NAVEX15 - ok

07:58:29.0993 3688 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

07:58:30.0057 3688 NDIS - ok

07:58:30.0080 3688 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

07:58:30.0159 3688 NdisCap - ok

07:58:30.0178 3688 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

07:58:30.0257 3688 NdisTapi - ok

07:58:30.0292 3688 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

07:58:30.0370 3688 Ndisuio - ok

07:58:30.0411 3688 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

07:58:30.0490 3688 NdisWan - ok

07:58:30.0522 3688 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

07:58:30.0600 3688 NDProxy - ok

07:58:30.0650 3688 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

07:58:30.0673 3688 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

07:58:30.0673 3688 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

07:58:30.0698 3688 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

07:58:30.0777 3688 NetBIOS - ok

07:58:30.0817 3688 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

07:58:30.0897 3688 NetBT - ok

07:58:30.0918 3688 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

07:58:30.0957 3688 Netlogon - ok

07:58:30.0993 3688 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

07:58:31.0080 3688 Netman - ok

07:58:31.0102 3688 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

07:58:31.0192 3688 netprofm - ok

07:58:31.0233 3688 [ 254AF6DF67EAFA8C6E0AA0D316487673 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

07:58:31.0286 3688 netr28x - ok

07:58:31.0316 3688 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:58:31.0350 3688 NetTcpPortSharing - ok

07:58:31.0375 3688 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

07:58:31.0412 3688 nfrd960 - ok

07:58:31.0475 3688 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

07:58:31.0506 3688 NIS - ok

07:58:31.0557 3688 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

07:58:31.0634 3688 NlaSvc - ok

07:58:31.0660 3688 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

07:58:31.0736 3688 Npfs - ok

07:58:31.0779 3688 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

07:58:31.0859 3688 nsi - ok

07:58:31.0869 3688 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

07:58:31.0947 3688 nsiproxy - ok

07:58:32.0012 3688 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

07:58:32.0101 3688 Ntfs - ok

07:58:32.0116 3688 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

07:58:32.0195 3688 Null - ok

07:58:32.0216 3688 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

07:58:32.0257 3688 nvraid - ok

07:58:32.0291 3688 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

07:58:32.0330 3688 nvstor - ok

07:58:32.0373 3688 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

07:58:32.0412 3688 nv_agp - ok

07:58:32.0447 3688 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

07:58:32.0487 3688 ohci1394 - ok

07:58:32.0544 3688 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

07:58:32.0577 3688 ose - ok

07:58:32.0715 3688 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

07:58:32.0868 3688 osppsvc - ok

07:58:32.0900 3688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

07:58:32.0945 3688 p2pimsvc - ok

07:58:32.0963 3688 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

07:58:33.0010 3688 p2psvc - ok

07:58:33.0034 3688 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

07:58:33.0074 3688 Parport - ok

07:58:33.0109 3688 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

07:58:33.0147 3688 partmgr - ok

07:58:33.0162 3688 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

07:58:33.0212 3688 PcaSvc - ok

07:58:33.0223 3688 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

07:58:33.0263 3688 pci - ok

07:58:33.0303 3688 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

07:58:33.0338 3688 pciide - ok

07:58:33.0361 3688 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

07:58:33.0403 3688 pcmcia - ok

07:58:33.0424 3688 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

07:58:33.0462 3688 pcw - ok

07:58:33.0487 3688 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

07:58:33.0580 3688 PEAUTH - ok

07:58:33.0677 3688 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

07:58:33.0717 3688 PerfHost - ok

07:58:33.0781 3688 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

07:58:33.0886 3688 pla - ok
