stuff2 Posted December 2, 2013 ID:760103

Hi, I got an unwanted guest that will not go away. Took over. Please, I need some help. I tried to do a re-install of Vista, nothing. Ran a program like this it show. I ran tddkiller, roguekiller, others, still there. Here is txt. information off the Vista.
Maniac Posted December 3, 2013 ID:760447

Hello stuff2! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Why do you think that your system is infected with Alureon? Please give me more details.

Please download Malwarebytes Anti-Rootkit from here
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
stuff2 Posted December 5, 2013 Author ID:760894

Thanks for your reply. Sorry, I have to go between machines; infected one would not let me in safe mode. I could not download the rootkit on either one. It will take me a day to figure out what is going on. Sorry
stuff2 Posted December 5, 2013 Author ID:760916

The scan came back with nothing wrong and this is the only log I saw in the folder. Microsoft Essentials shows Trojandos/alureon.k was only partially removed.
Maniac Posted December 5, 2013 ID:761068

Thanks!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
stuff2 Posted December 10, 2013 Author ID:762604

I am lost. I looked and looked, hit and hit the F8 for days, still no Advanced Boot Options. A screen comes on and offers: safe mode, network safe mode or safe mode with command prompts. I even went to safe mode with command prompts, nothing, no offer to repair machine. I even checked on a Vista board to see how to find Advanced Boot Options. Looked like I was doing everything right, still nothing but safe mode. This is a friend's computer and she has no disc around. Any ideas?
Maniac Posted December 11, 2013 ID:763331

Try to run it in Regular mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
stuff2 Posted December 11, 2013 Author ID:763451

Here is the scan result of Farbar Recovery Scan Tool (FRST).
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}CHR Extension: (Google Docs) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0CHR Extension: (Google Drive) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Google Wallet) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0CHR Extension: (Bitdefender QuickScan) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0CHR Extension: (Gmail) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ========================== Services (Whitelisted) ================= R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 
2013-10-23] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [27648 2013-11-26] (Toolwiz.com)R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [45952 2013-11-26] (Toolwiz.com)R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [48640 2013-11-26] (Toolwiz.com)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 MFE_RR; \??\C:\Users\zeeland\AppData\Local\Temp\mfe_rr.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== Link to post Share on other sites More sharing options...
stuff2 Posted December 11, 2013 ID:763455

Part 2: it said my post was too long.

==================== One Month Created Files and Folders ========

2013-12-11 12:06 - 2013-12-11 12:06 - 00010113 _____ C:\Users\zeeland\Desktop\FRST.txt
2013-12-11 12:06 - 2013-12-11 12:06 - 00000000 ____D C:\FRST
2013-12-11 12:05 - 2013-12-11 12:05 - 01060135 _____ (Farbar) C:\Users\zeeland\Desktop\FRST.exe
2013-12-08 15:27 - 2013-12-08 15:27 - 00000714 _____ C:\Windows\setupact.log
2013-12-08 15:27 - 2013-12-08 15:27 - 00000000 _____ C:\Windows\setuperr.log
2013-12-04 19:06 - 2013-12-04 19:21 - 00000000 ____D C:\Users\zeeland\Desktop\mbar
2013-12-04 19:06 - 2013-12-04 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-04 19:06 - 2013-12-04 19:13 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-04 19:06 - 2013-12-04 19:12 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Downloads\mbar-1.07.0.1007 (1).exe
2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Desktop\mbar-1.07.0.1007.exe
2013-12-04 19:03 - 2013-12-04 19:03 - 00000000 ____D C:\Users\zeeland\Desktop\help
2013-12-04 18:16 - 2013-12-04 18:16 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Malwarebytes
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-04 18:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-04 18:15 - 2013-12-04 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\zeeland\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-04 18:08 - 2013-12-04 18:08 - 00001917 _____ C:\Users\zeeland\Desktop\aswMBR.txt
2013-12-04 18:04 - 2013-12-04 18:04 - 00000104 _____ C:\Users\zeeland\Documents\Recycle Bin - Shortcut.lnk
2013-12-01 15:29 - 2013-12-01 15:29 - 00002384 _____ C:\Users\zeeland\Desktop\attach.txt
2013-12-01 15:29 - 2013-12-01 15:28 - 00010298 _____ C:\Users\zeeland\Desktop\dds.txt
2013-12-01 15:28 - 2013-12-01 15:28 - 00081276 _____ C:\Users\zeeland\Downloads\2.xps
2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 ____R (Swearware) C:\Users\zeeland\Desktop\dds.com
2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 _____ (Swearware) C:\Users\zeeland\Downloads\dds.scr
2013-12-01 12:32 - 2013-12-01 12:32 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131201_123229.log
2013-12-01 12:13 - 2013-12-01 12:13 - 00072192 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-01 12:13 - 2013-12-01 12:13 - 00000951 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-01 12:13 - 2013-12-01 12:13 - 00000946 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-12-01 12:13 - 2013-12-01 12:13 - 00000917 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-12-01 12:13 - 2013-12-01 12:13 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Snapfish
2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest
2013-12-01 12:13 - 2008-02-27 13:58 - 00001034 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2013-12-01 12:13 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-01 12:13 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-29 18:53 - 2013-11-29 18:53 - 17245644 _____ C:\Users\zeeland\Downloads\fiction.xps
2013-11-29 18:21 - 2013-11-29 18:21 - 00860176 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mssstool32.exe
2013-11-29 18:17 - 2013-11-29 18:17 - 00511248 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\nis_full.exe
2013-11-29 15:00 - 2013-12-04 18:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-29 14:58 - 2013-11-29 14:58 - 00000000 ____D C:\Windows\system32\MRT
2013-11-29 14:57 - 2011-03-03 06:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2013-11-29 14:57 - 2011-03-03 05:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2013-11-29 14:57 - 2008-03-07 20:21 - 01695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145639.log
2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145621.log
2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145618.log
2013-11-29 14:46 - 2013-11-29 14:46 - 00000680 _____ C:\Users\zeeland\AppData\Local\d3d9caps.dat
2013-11-29 13:42 - 2013-11-29 13:42 - 01441838 _____ C:\Users\zeeland\Downloads\Daily Deal Millionaires.zip
2013-11-28 19:13 - 2013-11-28 19:13 - 00283757 _____ C:\Users\zeeland\Desktop\3.xps
2013-11-28 19:12 - 2013-11-28 19:12 - 00081276 _____ C:\Users\zeeland\Desktop\2.xps
2013-11-28 19:11 - 2013-11-28 19:12 - 17245644 _____ C:\Users\zeeland\Desktop\fiction.xps
2013-11-28 18:51 - 2013-11-28 18:51 - 13317370 _____ C:\Users\zeeland\Desktop\Tee_Profits.zip
2013-11-28 18:33 - 2013-11-28 18:34 - 02990323 _____ C:\Users\zeeland\Downloads\KM.rar
2013-11-28 18:26 - 2013-11-28 18:26 - 19236964 _____ C:\DONNATANAKA-PC_2013.11.28-1752.27_9B31A9DB-00BD-00A1-006A-00153AC32D20_816.zip
2013-11-28 17:52 - 2013-11-28 18:26 - 00000000 ____D C:\Users\zeeland\Downloads\TrendMicro AntiThreat Toolkit
2013-11-28 17:48 - 2013-11-28 17:49 - 23658800 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_ScanCleanOnline_gui_x86.exe
2013-11-28 17:30 - 2013-11-28 17:30 - 03298896 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_collector_cli_x86 (1).exe
2013-11-28 17:27 - 2013-11-28 17:27 - 03298896 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_collector_cli_x86.exe
2013-11-28 17:24 - 2013-11-28 17:24 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131128_172405.log
2013-11-28 17:23 - 2013-11-28 17:23 - 00782640 _____ (McAfee, Inc.) C:\Users\zeeland\Downloads\rootkitremover.exe
2013-11-28 17:20 - 2013-11-28 17:20 - 07103512 _____ (Bitdefender LLC) C:\Users\zeeland\Desktop\BootkitRemoval_x86.exe
2013-11-28 17:13 - 2013-11-28 17:13 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit (2).exe
2013-11-28 17:13 - 2013-11-28 17:13 - 00000151 _____ C:\Users\zeeland\Documents\VirusRemover.log
2013-11-28 17:12 - 2013-11-28 17:12 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit (1).exe
2013-11-28 17:09 - 2013-11-28 17:09 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit.exe
2013-11-28 17:03 - 2013-11-28 17:03 - 00044607 _____ C:\Users\zeeland\Downloads\bootkit_remover.zip
2013-11-28 17:02 - 2013-12-04 18:08 - 00000512 _____ C:\Users\zeeland\Desktop\MBR.dat
2013-11-28 17:02 - 2013-11-28 17:02 - 00002079 _____ C:\Users\zeeland\Downloads\aswMBR.txt
2013-11-28 15:36 - 2013-11-28 15:36 - 04745728 _____ (AVAST Software) C:\Users\zeeland\Downloads\aswMBR.exe
2013-11-28 15:33 - 2013-11-28 15:33 - 00235560 _____ C:\Users\zeeland\AppData\Local\census.cache
2013-11-28 15:33 - 2013-11-28 15:33 - 00199427 _____ C:\Users\zeeland\AppData\Local\ars.cache
2013-11-28 15:12 - 2013-11-28 15:12 - 02002320 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\HousecallLauncher.exe
2013-11-28 15:12 - 2013-11-28 15:12 - 00000036 _____ C:\Users\zeeland\AppData\Local\housecall.guid.cache
2013-11-28 11:33 - 2013-11-28 11:33 - 00456799 _____ C:\Users\zeeland\Downloads\pg1155.txt
2013-11-28 10:41 - 2013-11-28 18:26 - 00000332 _____ C:\Users\zeeland\Downloads\Result.txt
2013-11-28 10:41 - 2013-11-28 10:41 - 00360587 _____ (Farbar) C:\Users\zeeland\Downloads\ListParts.exe
2013-11-28 10:07 - 2013-11-28 10:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-28 10:04 - 2013-11-28 10:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\zeeland\Downloads\tdsskiller.exe
2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\CyberLink
2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\Users\Public\CyberLink
2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-28 09:36 - 2013-11-28 09:41 - 389330944 _____ C:\Users\zeeland\Downloads\kav_rescue_10.iso
2013-11-28 09:33 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-11-28 09:33 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2013-11-28 09:33 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2013-11-28 09:33 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2013-11-28 09:33 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2013-11-27 13:43 - 2013-11-27 13:44 - 89886059 _____ C:\Users\zeeland\Downloads\Unconfirmed 419508.crdownload
2013-11-27 12:32 - 2013-11-27 12:32 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\QuickScan
2013-11-27 12:27 - 2013-11-27 12:28 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\HpUpdate
2013-11-27 12:27 - 2013-11-27 12:27 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-11-27 12:27 - 2010-09-06 08:24 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2013-11-27 12:27 - 2010-09-06 08:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-11-27 12:27 - 2009-08-24 04:16 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-11-27 12:25 - 2013-11-27 12:25 - 00000000 ____D C:\Users\zeeland\AppData\Local\Hewlett-Packard
2013-11-27 07:39 - 2008-06-19 17:14 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2013-11-27 07:39 - 2008-06-19 17:14 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2013-11-27 07:39 - 2008-06-19 17:14 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-27 07:39 - 2008-06-19 17:14 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2013-11-27 07:39 - 2008-06-19 17:14 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2013-11-27 07:39 - 2008-06-19 17:14 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2013-11-27 07:35 - 2008-07-27 10:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2013-11-27 07:35 - 2008-07-27 10:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2013-11-27 07:33 - 2010-02-20 15:39 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2013-11-27 07:33 - 2010-02-20 15:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2013-11-27 07:33 - 2010-02-20 13:18 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-11-27 07:30 - 2013-11-27 07:30 - 90642704 _____ (Microsoft Corporation) C:\Users\zeeland\Desktop\msert.exe
2013-11-26 13:53 - 2013-11-26 13:53 - 00002154 _____ C:\Windows\epplauncher.mif
2013-11-26 13:48 - 2013-11-26 13:48 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Macromedia
2013-11-26 13:46 - 2013-11-26 13:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-26 13:46 - 2010-04-05 06:50 - 00208966 _____ C:\Windows\system32\WFP.TMF
2013-11-26 13:37 - 2013-11-26 13:37 - 00869456 _____ C:\Users\zeeland\Downloads\Norton_Removal_Tool (1).exe
2013-11-26 13:35 - 2013-11-26 13:35 - 00869456 _____ C:\Users\zeeland\Downloads\Norton_Removal_Tool.exe
2013-11-26 13:24 - 2013-11-29 18:06 - 00000000 ___HD C:\TOOLWIZ
2013-11-26 13:24 - 2013-11-27 12:42 - 00000000 ____D C:\Users\zeeland\AppData\Local\ToolwizCareFree
2013-11-26 13:24 - 2013-11-26 13:24 - 00048640 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys
2013-11-26 13:24 - 2013-11-26 13:24 - 00045952 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2013-11-26 13:24 - 2013-11-26 13:24 - 00027648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2013-11-26 13:24 - 2013-11-26 13:24 - 00000877 _____ C:\Users\zeeland\Desktop\Toolwiz Care.lnk
2013-11-26 13:24 - 2013-11-26 13:24 - 00000877 _____ C:\Users\Donna Tanaka\Desktop\Toolwiz Care.lnk
2013-11-26 13:24 - 2013-11-26 13:24 - 00000000 ____D C:\Program Files\ToolwizCareFree
2013-11-26 13:23 - 2013-11-26 13:23 - 07619344 _____ (ToolWiz) C:\Users\zeeland\Downloads\Setup_ToolwizCare.exe
2013-11-26 13:17 - 2013-11-26 13:18 - 11125072 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mseinstall.exe
2013-11-26 13:15 - 2008-06-25 19:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-11-26 13:15 - 2008-06-25 17:45 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2013-11-26 13:15 - 2008-06-25 17:45 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2013-11-26 13:13 - 2013-11-26 13:13 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Hewlett-Packard
2013-11-26 13:12 - 2013-11-27 12:45 - 00072192 _____ C:\Users\zeeland\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Symantec
2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Snapfish
2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Local\Google
2013-11-26 13:11 - 2013-11-29 18:06 - 00000000 ____D C:\Users\zeeland
2013-11-26 13:11 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Local\VirtualStore
2013-11-26 13:11 - 2013-11-26 13:11 - 00000951 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 13:11 - 2013-11-26 13:11 - 00000946 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-11-26 13:11 - 2013-11-26 13:11 - 00000917 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-11-26 13:11 - 2013-11-26 13:11 - 00000020 ___SH C:\Users\zeeland\ntuser.ini
2013-11-26 13:11 - 2008-02-27 13:58 - 00001034 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2013-11-26 13:11 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-26 13:11 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-26 10:13 - 2011-04-21 07:00 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 10:13 - 2011-04-21 07:00 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 10:13 - 2011-04-21 06:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 10:13 - 2011-04-21 06:58 - 03593728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:13 - 2011-04-21 06:58 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-11-26 10:13 - 2011-04-21 06:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 10:13 - 2011-04-21 06:58 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 10:13 - 2011-04-21 06:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:13 - 2011-04-21 06:57 - 06078976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 10:13 - 2011-04-21 06:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 10:13 - 2011-04-21 06:57 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 10:13 - 2011-04-21 06:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:13 - 2011-04-21 06:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-11-26 10:13 - 2011-04-21 06:57 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 10:13 - 2011-04-21 06:57 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2013-11-26 10:13 - 2011-04-21 05:28 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 10:13 - 2011-04-21 05:08 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:13 - 2011-02-22 04:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-11-26 10:13 - 2011-02-16 07:29 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-26 10:13 - 2011-02-16 05:24 - 00292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-26 10:13 - 2010-12-28 06:57 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2013-11-26 10:13 - 2010-09-10 10:18 - 10626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-11-26 10:13 - 2010-09-10 08:37 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-11-26 10:13 - 2010-06-16 07:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-26 10:13 - 2010-05-04 08:53 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:13 - 2010-04-16 08:10 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-11-26 10:13 - 2010-02-25 20:03 - 02452872 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 10:13 - 2009-08-14 08:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2013-11-26 10:13 - 2009-08-14 06:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2013-11-26 10:13 - 2009-08-14 06:16 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2013-11-26 10:13 - 2009-08-14 06:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2013-11-26 10:13 - 2009-08-14 06:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2013-11-26 10:13 - 2009-08-14 06:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2013-11-26 10:13 - 2009-08-14 06:16 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2013-11-26 10:13 - 2009-08-14 06:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2013-11-26 10:13 - 2009-06-15 07:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-26 10:13 - 2008-06-18 19:31 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2013-11-26 10:12 - 2011-07-06 06:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-11-26 10:12 - 2011-06-02 04:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-26 10:12 - 2011-04-29 04:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-11-26 10:12 - 2011-04-29 04:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-11-26 10:12 - 2011-04-29 04:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-11-26 10:12 - 2011-04-29 04:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-11-26 10:12 - 2011-04-21 05:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-26 10:12 - 2011-04-14 06:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2013-11-26 10:12 - 2011-03-10 08:12 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-11-26 10:12 - 2011-03-10 08:12 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-11-26 10:12 - 2011-03-02 06:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-11-26 10:12 - 2011-03-02 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-11-26 10:12 - 2011-02-18 05:31 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-11-26 10:12 - 2011-02-16 07:35 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 10:12 - 2011-02-16 07:32 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 10:12 - 2010-12-20 07:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-26 10:12 - 2010-12-14 07:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2013-11-26 10:12 - 2010-10-15 06:08 - 03600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-11-26 10:12 - 2010-10-15 06:08 - 03548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-26 10:12 - 2010-10-15 05:48 - 01205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-26 10:12 - 2010-08-31 07:41 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2013-11-26 10:12 - 2010-08-26 08:07 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2013-11-26 10:12 - 2010-08-17 05:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-11-26 10:12 - 2010-06-28 08:15 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-11-26 10:12 - 2010-05-27 11:16 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2013-11-26 10:12 - 2010-04-05 08:08 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-11-26 10:12 - 2010-04-05 08:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2013-11-26 10:12 - 2009-09-10 09:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2013-11-26 10:12 - 2009-08-10 03:01 - 01399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-11-26 10:12 - 2009-07-17 06:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2013-11-26 10:12 - 2009-07-11 11:32 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2013-11-26 10:12 - 2009-07-11 11:32 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2013-11-26 10:12 - 2009-07-11 11:32 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-11-26 10:12 - 2009-07-11 11:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2013-11-26 10:12 - 2009-07-11 09:18 - 02501921 _____ C:\Windows\system32\wlan.tmf
2013-11-26 10:12 - 2009-07-10 04:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2013-11-26 10:12 - 2009-06-10 04:12 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2013-11-26 10:12 - 2009-06-10 04:11 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-11-26 10:12 - 2009-06-10 04:11 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2013-11-26 10:12 - 2009-05-04 02:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-11-26 10:12 - 2009-04-23 04:42 - 00636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-11-26 10:12 - 2008-10-20 21:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-26 10:12 - 2008-10-15 20:47 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-11-26 10:12 - 2008-06-25 19:29 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2013-11-26 10:12 - 2008-06-05 19:27 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2013-11-26 10:12 - 2008-06-05 19:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2013-11-26 10:12 - 2008-04-17 21:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2013-11-26 10:12 - 2008-04-04 19:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2013-11-26 10:12 - 2008-04-04 17:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2013-11-26 10:11 - 2011-05-02 07:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-11-26 10:11 - 2011-01-21 07:46 - 11582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-26 10:11 - 2011-01-21 07:46 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-11-26 10:11 - 2010-12-29 09:41 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-11-26 10:11 - 2010-12-29 09:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-11-26 10:11 - 2010-12-29 09:41 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2013-11-26 10:11 - 2010-12-29 09:39 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-11-26 10:11 - 2010-11-06 03:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2013-11-26 10:11 - 2010-11-06 03:10 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2013-11-26 10:11 - 2010-11-06 03:10 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2013-11-26 10:11 - 2010-11-06 03:09 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-11-26 10:11 - 2010-11-04 16:53 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-11-26 10:11 - 2010-10-28 04:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-11-26 10:11 - 2010-10-18 06:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-11-26 10:11 - 2010-08-31 07:41 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2013-11-26 10:11 - 2010-08-20 07:21 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-11-26 10:11 - 2010-06-18 08:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2013-11-26 10:11 - 2010-06-11 07:30 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-11-26 10:11 - 2010-05-04 10:39 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2013-11-26 10:11 - 2010-04-16 08:10 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-11-26 10:11 - 2010-02-18 06:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-11-26 10:11 - 2010-02-18 03:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2013-11-26 10:11 - 2010-01-21 07:59 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2013-11-26 10:11 - 2009-07-14 05:00 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2013-11-26 10:11 - 2009-07-14 04:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2013-11-26 10:11 - 2009-07-14 04:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2013-11-26 10:11 - 2009-07-14 04:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2013-11-26 10:11 - 2009-07-14 00:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2013-11-26 10:11 - 2009-07-14 00:30 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2013-11-26 10:11 - 2009-06-15 10:20 - 00439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-26 10:11 - 2009-06-15 07:24 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2013-11-26 10:11 - 2009-06-15 07:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-26 10:11 - 2009-06-15 07:23 - 01256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-26 10:11 - 2009-06-15 07:21 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-26 10:11 - 2009-06-15 04:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-26 10:11 - 2009-03-16 19:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2013-11-26 10:11 - 2009-03-16 19:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2013-11-26 10:11 - 2009-03-02 20:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2013-11-26 10:11 - 2009-03-02 20:39 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2013-11-26 10:11 - 2009-03-02 20:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2013-11-26 10:11 - 2009-03-02 20:37 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2013-11-26 10:11 - 2009-03-02 20:37 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2013-11-26 10:11 - 2009-03-02 20:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2013-11-26 10:11 - 2009-03-02 19:04 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2013-11-26 10:11 - 2009-03-02 18:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2013-11-26 10:11 - 2009-02-13 00:49 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-26 10:11 - 2008-10-28 22:29 - 02927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-11-26 10:11 - 2008-08-11 19:39 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-11-26 10:11 - 2008-08-01 19:26 - 00036864 _____ (Microsoft Corporation) 
C:\Windows\system32\cdd.dll2013-11-26 10:11 - 2008-08-01 17:01 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2013-11-26 10:11 - 2008-06-25 19:29 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll2013-11-26 10:11 - 2008-06-25 19:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll2013-11-26 10:11 - 2008-05-19 18:07 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys2013-11-26 10:11 - 2008-05-09 17:33 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys2013-11-26 10:11 - 2008-02-28 23:14 - 00019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll2013-11-26 10:11 - 2008-02-28 23:11 - 00988216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2013-11-26 10:11 - 2008-02-28 23:11 - 00927288 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2013-11-26 10:11 - 2008-02-28 22:53 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2013-11-26 10:11 - 2008-02-28 22:53 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2013-11-26 10:11 - 2008-02-28 22:53 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2013-11-26 10:11 - 2008-02-28 22:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll2013-11-26 10:11 - 2008-02-28 20:12 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2013-11-26 10:11 - 2008-02-28 20:12 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe2013-11-26 10:11 - 2008-02-21 21:05 - 00615992 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2013-11-26 10:10 - 2011-04-20 06:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2013-11-26 10:10 - 2011-04-20 06:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2013-11-26 10:10 - 2010-12-17 08:43 - 02067456 _____ (Microsoft Corporation) 
C:\Windows\system32\mstscax.dll2013-11-26 10:10 - 2010-12-17 07:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2013-11-26 10:10 - 2010-08-31 07:40 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2013-11-26 10:10 - 2010-06-16 07:56 - 00098192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS2013-11-26 10:10 - 2010-06-16 07:55 - 00902032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-11-26 10:10 - 2010-06-16 07:55 - 00220040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2013-11-26 10:10 - 2010-06-16 07:11 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL2013-11-26 10:10 - 2010-06-16 07:10 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL2013-11-26 10:10 - 2010-06-16 07:09 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL2013-11-26 10:10 - 2009-12-28 04:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll2013-11-26 10:10 - 2009-12-28 04:32 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll2013-11-26 10:10 - 2009-12-28 04:32 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll2013-11-26 10:10 - 2009-12-28 04:32 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll2013-11-26 10:10 - 2009-12-28 04:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll2013-11-26 10:10 - 2009-12-28 04:31 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll2013-11-26 10:10 - 2009-12-28 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll2013-11-26 10:10 - 2009-12-28 04:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll2013-11-26 10:10 - 2009-12-28 04:28 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll2013-11-26 10:10 - 2009-10-07 04:41 - 00281600 _____ (Microsoft Corporation) 
C:\Windows\system32\raschap.dll2013-11-26 10:10 - 2009-10-07 04:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2013-11-26 10:10 - 2009-09-04 04:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll2013-11-26 10:10 - 2009-08-10 05:05 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll2013-11-26 10:10 - 2009-04-23 04:43 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-11-26 10:10 - 2009-04-02 04:37 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL2013-11-26 10:10 - 2008-06-22 17:59 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll2013-11-26 10:10 - 2008-06-22 17:58 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe2013-11-26 10:10 - 2008-05-08 13:59 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll2013-11-26 10:10 - 2008-05-08 13:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll2013-11-26 10:10 - 2008-05-08 13:59 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe2013-11-26 10:10 - 2008-05-08 13:59 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll2013-11-26 10:10 - 2008-05-08 13:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx2013-11-26 10:10 - 2008-05-08 13:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe2013-11-26 10:05 - 2011-04-29 06:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2013-11-26 10:04 - 2013-11-19 02:21 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2013-11-26 10:03 - 2010-01-14 16:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll2013-11-26 10:03 - 2009-12-23 04:43 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-11-26 10:02 - 2013-11-26 10:02 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk2013-11-26 10:01 - 2013-12-11 12:02 - 
00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-11-26 10:01 - 2013-12-04 19:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-11-26 10:01 - 2013-11-26 10:02 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Google2013-11-26 10:01 - 2013-11-26 10:02 - 00000000 ____D C:\Program Files\Google2013-11-26 10:01 - 2013-11-26 10:01 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Deployment2013-11-26 10:01 - 2013-11-26 10:01 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Apps\2.02013-11-26 09:57 - 2013-11-26 09:57 - 00000680 _____ C:\Users\Donna Tanaka\AppData\Local\d3d9caps.dat2013-11-25 21:29 - 2013-11-25 21:29 - 00072192 _____ C:\Users\Donna Tanaka\AppData\Local\GDIPFONTCACHEV1.DAT2013-11-25 21:29 - 2013-11-25 21:29 - 00000951 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-11-25 21:29 - 2013-11-25 21:29 - 00000946 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2013-11-25 21:29 - 2013-11-25 21:29 - 00000917 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2013-11-25 21:29 - 2013-11-25 21:29 - 00000044 _____ C:\Windows\system\hpsysdrv.dat2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Symantec2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Snapfish2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\VirtualStore2013-11-25 21:27 - 2013-11-25 21:27 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Macromedia2013-11-25 21:26 - 2013-11-25 21:30 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Hewlett-Packard2013-11-25 21:25 - 2013-11-25 21:25 - 00001853 _____ C:\Users\Public\Desktop\Internet & Digital Services.lnk2013-11-25 21:25 - 2013-11-25 21:25 - 00001834 __RSH C:\Windows\system32\Drivers\103C_HP_CPC_KJ375AA-ABA 
s3400f_YC_0Pavi_QMXU810_E82NAv3PrA1_49_IAcacia_SASUSTek Computer INC._V1.02_B5.11_T080212_WUH1_L409_M3454_J500_7AMD_8Athlon 64 X2 Dual Core_92.7_#080429_N10DE03EF_Z14F12F20_G10DE03D0.MRK2013-11-25 21:25 - 2008-02-27 14:08 - 00002117 _____ C:\Users\Public\Desktop\eBay.lnk2013-11-25 21:25 - 2008-02-27 14:08 - 00002047 _____ C:\Users\Public\Desktop\MSN.lnk2013-11-25 21:24 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka2013-11-25 21:24 - 2013-11-25 21:24 - 00000020 ___SH C:\Users\Donna Tanaka\ntuser.ini2013-11-25 21:24 - 2008-02-27 13:58 - 00001034 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk2013-11-25 21:24 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2013-11-25 21:24 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2013-11-25 21:21 - 2013-12-11 12:06 - 01964121 _____ C:\Windows\WindowsUpdate.log ==================== One Month Modified Files and Folders ======= 2013-12-11 12:06 - 2013-12-11 12:06 - 00010113 _____ C:\Users\zeeland\Desktop\FRST.txt2013-12-11 12:06 - 2013-12-11 12:06 - 00000000 ____D C:\FRST2013-12-11 12:06 - 2013-11-25 21:21 - 01964121 _____ C:\Windows\WindowsUpdate.log2013-12-11 12:05 - 2013-12-11 12:05 - 01060135 _____ (Farbar) C:\Users\zeeland\Desktop\FRST.exe2013-12-11 12:02 - 2013-11-26 10:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-12-11 12:02 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-12-11 12:02 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-12-11 12:02 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-12-08 15:27 - 2013-12-08 15:27 - 00000714 _____ C:\Windows\setupact.log2013-12-08 15:27 - 
2013-12-08 15:27 - 00000000 _____ C:\Windows\setuperr.log2013-12-08 15:27 - 2006-11-02 05:01 - 00016780 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-12-04 19:21 - 2013-12-04 19:06 - 00000000 ____D C:\Users\zeeland\Desktop\mbar2013-12-04 19:21 - 2013-12-04 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-12-04 19:13 - 2013-12-04 19:06 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2013-12-04 19:12 - 2013-12-04 19:06 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-12-04 19:11 - 2013-11-26 10:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Downloads\mbar-1.07.0.1007 (1).exe2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Desktop\mbar-1.07.0.1007.exe2013-12-04 19:03 - 2013-12-04 19:03 - 00000000 ____D C:\Users\zeeland\Desktop\help2013-12-04 18:16 - 2013-12-04 18:16 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Malwarebytes2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\ProgramData\Malwarebytes2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-12-04 18:15 - 2013-12-04 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\zeeland\Downloads\mbam-setup-1.75.0.1300.exe2013-12-04 18:08 - 2013-12-04 18:08 - 00001917 _____ C:\Users\zeeland\Desktop\aswMBR.txt2013-12-04 18:08 - 2013-11-28 17:02 - 00000512 _____ C:\Users\zeeland\Desktop\MBR.dat2013-12-04 18:04 - 2013-12-04 18:04 - 00000104 _____ C:\Users\zeeland\Documents\Recycle Bin - Shortcut.lnk2013-12-04 18:03 - 2013-11-29 15:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-12-01 15:29 - 2013-12-01 15:29 - 00002384 _____ C:\Users\zeeland\Desktop\attach.txt2013-12-01 15:28 - 
2013-12-01 15:29 - 00010298 _____ C:\Users\zeeland\Desktop\dds.txt2013-12-01 15:28 - 2013-12-01 15:28 - 00081276 _____ C:\Users\zeeland\Downloads\2.xps2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 ____R (Swearware) C:\Users\zeeland\Desktop\dds.com2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 _____ (Swearware) C:\Users\zeeland\Downloads\dds.scr2013-12-01 12:32 - 2013-12-01 12:32 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131201_123229.log2013-12-01 12:13 - 2013-12-01 12:13 - 00072192 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT2013-12-01 12:13 - 2013-12-01 12:13 - 00000951 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-12-01 12:13 - 2013-12-01 12:13 - 00000946 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2013-12-01 12:13 - 2013-12-01 12:13 - 00000917 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2013-12-01 12:13 - 2013-12-01 12:13 - 00000020 ___SH C:\Users\Guest\ntuser.ini2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Snapfish2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest2013-11-29 18:53 - 2013-11-29 18:53 - 17245644 _____ C:\Users\zeeland\Downloads\fiction.xps2013-11-29 18:21 - 2013-11-29 18:21 - 00860176 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mssstool32.exe2013-11-29 18:17 - 2013-11-29 18:17 - 00511248 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\nis_full.exe2013-11-29 18:06 - 2013-11-26 13:24 - 00000000 ___HD C:\TOOLWIZ2013-11-29 18:06 - 2013-11-26 13:11 - 00000000 ____D C:\Users\zeeland2013-11-29 14:58 - 2013-11-29 14:58 - 00000000 ____D C:\Windows\system32\MRT2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145639.log2013-11-29 14:56 - 2013-11-29 
14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145621.log2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145618.log2013-11-29 14:46 - 2013-11-29 14:46 - 00000680 _____ C:\Users\zeeland\AppData\Local\d3d9caps.dat2013-11-29 13:42 - 2013-11-29 13:42 - 01441838 _____ C:\Users\zeeland\Downloads\Daily Deal Millionaires.zip2013-11-28 19:13 - 2013-11-28 19:13 - 00283757 _____ C:\Users\zeeland\Desktop\3.xps2013-11-28 19:12 - 2013-11-28 19:12 - 00081276 _____ C:\Users\zeeland\Desktop\2.xps2013-11-28 19:12 - 2013-11-28 19:11 - 17245644 _____ C:\Users\zeeland\Desktop\fiction.xps2013-11-28 18:51 - 2013-11-28 18:51 - 13317370 _____ C:\Users\zeeland\Desktop\Tee_Profits.zip2013-11-28 18:34 - 2013-11-28 18:33 - 02990323 _____ C:\Users\zeeland\Downloads\KM.rar2013-11-28 18:26 - 2013-11-28 18:26 - 19236964 _____ C:\DONNATANAKA-PC_2013.11.28-1752.27_9B31A9DB-00BD-00A1-006A-00153AC32D20_816.zip2013-11-28 18:26 - 2013-11-28 17:52 - 00000000 ____D C:\Users\zeeland\Downloads\TrendMicro AntiThreat Toolkit2013-11-28 18:26 - 2013-11-28 10:41 - 00000332 _____ C:\Users\zeeland\Downloads\Result.txt2013-11-28 17:49 - 2013-11-28 17:48 - 23658800 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_ScanCleanOnline_gui_x86.exe2013-11-28 17:30 - 2013-11-28 17:30 - 03298896 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_collector_cli_x86 (1).exe2013-11-28 17:27 - 2013-11-28 17:27 - 03298896 _____ (Trend Micro Inc.) C:\Users\zeeland\Downloads\attk_collector_cli_x86.exe2013-11-28 17:24 - 2013-11-28 17:24 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131128_172405.log2013-11-28 17:23 - 2013-11-28 17:23 - 00782640 _____ (McAfee, Inc.) 
C:\Users\zeeland\Downloads\rootkitremover.exe2013-11-28 17:20 - 2013-11-28 17:20 - 07103512 _____ (Bitdefender LLC) C:\Users\zeeland\Desktop\BootkitRemoval_x86.exe2013-11-28 17:13 - 2013-11-28 17:13 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit (2).exe2013-11-28 17:13 - 2013-11-28 17:13 - 00000151 _____ C:\Users\zeeland\Documents\VirusRemover.log2013-11-28 17:12 - 2013-11-28 17:12 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit (1).exe2013-11-28 17:09 - 2013-11-28 17:09 - 01258032 _____ C:\Users\zeeland\Downloads\avg_remover_bootkit.exe2013-11-28 17:03 - 2013-11-28 17:03 - 00044607 _____ C:\Users\zeeland\Downloads\bootkit_remover.zip2013-11-28 17:02 - 2013-11-28 17:02 - 00002079 _____ C:\Users\zeeland\Downloads\aswMBR.txt2013-11-28 15:36 - 2013-11-28 15:36 - 04745728 _____ (AVAST Software) C:\Users\zeeland\Downloads\aswMBR.exe2013-11-28 15:33 - 2013-11-28 15:33 - 00235560 _____ C:\Users\zeeland\AppData\Local\census.cache2013-11-28 15:33 - 2013-11-28 15:33 - 00199427 _____ C:\Users\zeeland\AppData\Local\ars.cache2013-11-28 15:12 - 2013-11-28 15:12 - 02002320 _____ (Trend Micro Inc.) 
C:\Users\zeeland\Downloads\HousecallLauncher.exe2013-11-28 15:12 - 2013-11-28 15:12 - 00000036 _____ C:\Users\zeeland\AppData\Local\housecall.guid.cache2013-11-28 11:33 - 2013-11-28 11:33 - 00456799 _____ C:\Users\zeeland\Downloads\pg1155.txt2013-11-28 10:41 - 2013-11-28 10:41 - 00360587 _____ (Farbar) C:\Users\zeeland\Downloads\ListParts.exe2013-11-28 10:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache2013-11-28 10:17 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-11-28 10:07 - 2013-11-28 10:07 - 00000000 ____D C:\TDSSKiller_Quarantine2013-11-28 10:04 - 2013-11-28 10:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\zeeland\Downloads\tdsskiller.exe2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\CyberLink2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\Users\Public\CyberLink2013-11-28 09:42 - 2013-11-28 09:42 - 00000000 ____D C:\ProgramData\CyberLink2013-11-28 09:42 - 2006-11-02 03:18 - 00000000 ___RD C:\Users\Public2013-11-28 09:41 - 2013-11-28 09:36 - 389330944 _____ C:\Users\zeeland\Downloads\kav_rescue_10.iso2013-11-27 13:44 - 2013-11-27 13:43 - 89886059 _____ C:\Users\zeeland\Downloads\Unconfirmed 419508.crdownload2013-11-27 12:45 - 2013-11-26 13:12 - 00072192 _____ C:\Users\zeeland\AppData\Local\GDIPFONTCACHEV1.DAT2013-11-27 12:45 - 2006-11-02 04:47 - 00286144 _____ C:\Windows\system32\FNTCACHE.DAT2013-11-27 12:42 - 2013-11-26 13:24 - 00000000 ____D C:\Users\zeeland\AppData\Local\ToolwizCareFree2013-11-27 12:42 - 2008-02-27 14:13 - 00000000 ____D C:\Windows\SMINST2013-11-27 12:32 - 2013-11-27 12:32 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\QuickScan2013-11-27 12:28 - 2013-11-27 12:27 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\HpUpdate2013-11-27 12:27 - 2013-11-27 12:27 - 00000000 ____D C:\Windows\Hewlett-Packard2013-11-27 12:27 - 2008-02-27 13:52 - 00000000 ____D C:\Program Files\HP2013-11-27 12:25 - 2013-11-27 12:25 - 00000000 ____D 
C:\Users\zeeland\AppData\Local\Hewlett-Packard2013-11-27 08:41 - 2006-11-02 02:33 - 00690960 _____ C:\Windows\system32\PerfStringBackup.INI2013-11-27 08:34 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\system32\XPSViewer2013-11-27 08:34 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker2013-11-27 07:49 - 2008-02-27 14:01 - 00000000 ____D C:\Program Files\Microsoft Works2013-11-27 07:32 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2013-11-27 07:30 - 2013-11-27 07:30 - 90642704 _____ (Microsoft Corporation) C:\Users\zeeland\Desktop\msert.exe2013-11-26 13:53 - 2013-11-26 13:53 - 00002154 _____ C:\Windows\epplauncher.mif2013-11-26 13:48 - 2013-11-26 13:48 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Macromedia2013-11-26 13:47 - 2013-11-26 13:46 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-11-26 13:41 - 2008-02-27 14:10 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared2013-11-26 13:37 - 2013-11-26 13:37 - 00869456 _____ C:\Users\zeeland\Downloads\Norton_Removal_Tool (1).exe2013-11-26 13:35 - 2013-11-26 13:35 - 00869456 _____ C:\Users\zeeland\Downloads\Norton_Removal_Tool.exe2013-11-26 13:24 - 2013-11-26 13:24 - 00048640 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys2013-11-26 13:24 - 2013-11-26 13:24 - 00045952 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys2013-11-26 13:24 - 2013-11-26 13:24 - 00027648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys2013-11-26 13:24 - 2013-11-26 13:24 - 00000877 _____ C:\Users\zeeland\Desktop\Toolwiz Care.lnk2013-11-26 13:24 - 2013-11-26 13:24 - 00000877 _____ C:\Users\Donna Tanaka\Desktop\Toolwiz Care.lnk2013-11-26 13:24 - 2013-11-26 13:24 - 00000000 ____D C:\Program Files\ToolwizCareFree2013-11-26 13:23 - 2013-11-26 13:23 - 07619344 _____ (ToolWiz) C:\Users\zeeland\Downloads\Setup_ToolwizCare.exe2013-11-26 13:18 - 2013-11-26 13:17 - 11125072 _____ (Microsoft Corporation) 
C:\Users\zeeland\Downloads\mseinstall.exe2013-11-26 13:13 - 2013-11-26 13:13 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Hewlett-Packard2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Symantec2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Snapfish2013-11-26 13:12 - 2013-11-26 13:12 - 00000000 ____D C:\Users\zeeland\AppData\Local\Google2013-11-26 13:12 - 2013-11-26 13:11 - 00000000 ____D C:\Users\zeeland\AppData\Local\VirtualStore2013-11-26 13:11 - 2013-11-26 13:11 - 00000951 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-11-26 13:11 - 2013-11-26 13:11 - 00000946 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2013-11-26 13:11 - 2013-11-26 13:11 - 00000917 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2013-11-26 13:11 - 2013-11-26 13:11 - 00000020 ___SH C:\Users\zeeland\ntuser.ini2013-11-26 10:02 - 2013-11-26 10:02 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk2013-11-26 10:02 - 2013-11-26 10:01 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Google2013-11-26 10:02 - 2013-11-26 10:01 - 00000000 ____D C:\Program Files\Google2013-11-26 10:01 - 2013-11-26 10:01 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Deployment2013-11-26 10:01 - 2013-11-26 10:01 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\Apps\2.02013-11-26 09:57 - 2013-11-26 09:57 - 00000680 _____ C:\Users\Donna Tanaka\AppData\Local\d3d9caps.dat2013-11-26 09:57 - 2008-02-27 13:37 - 00000000 ___HD C:\hp2013-11-25 21:30 - 2013-11-25 21:26 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Hewlett-Packard2013-11-25 21:30 - 2008-02-27 14:04 - 00000000 ____D C:\ProgramData\Hewlett-Packard2013-11-25 21:29 - 2013-11-25 21:29 - 00072192 _____ C:\Users\Donna Tanaka\AppData\Local\GDIPFONTCACHEV1.DAT2013-11-25 21:29 - 2013-11-25 21:29 - 00000951 _____ 
C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-11-25 21:29 - 2013-11-25 21:29 - 00000946 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2013-11-25 21:29 - 2013-11-25 21:29 - 00000917 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2013-11-25 21:29 - 2013-11-25 21:29 - 00000044 _____ C:\Windows\system\hpsysdrv.dat2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Symantec2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Snapfish2013-11-25 21:29 - 2013-11-25 21:29 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Local\VirtualStore2013-11-25 21:29 - 2013-11-25 21:24 - 00000000 ____D C:\Users\Donna Tanaka2013-11-25 21:29 - 2008-02-27 13:51 - 00000000 ____D C:\ProgramData\NVIDIA2013-11-25 21:29 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system2013-11-25 21:27 - 2013-11-25 21:27 - 00000000 ____D C:\Users\Donna Tanaka\AppData\Roaming\Macromedia2013-11-25 21:25 - 2013-11-25 21:25 - 00001853 _____ C:\Users\Public\Desktop\Internet & Digital Services.lnk2013-11-25 21:25 - 2013-11-25 21:25 - 00001834 __RSH C:\Windows\system32\Drivers\103C_HP_CPC_KJ375AA-ABA s3400f_YC_0Pavi_QMXU810_E82NAv3PrA1_49_IAcacia_SASUSTek Computer INC._V1.02_B5.11_T080212_WUH1_L409_M3454_J500_7AMD_8Athlon 64 X2 Dual Core_92.7_#080429_N10DE03EF_Z14F12F20_G10DE03D0.MRK2013-11-25 21:25 - 2008-02-27 14:05 - 00000000 ___RD C:\Program Files\Online Services2013-11-25 21:25 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\system32\restore2013-11-25 21:24 - 2013-11-25 21:24 - 00000020 ___SH C:\Users\Donna Tanaka\ntuser.ini2013-11-25 21:21 - 2006-11-02 03:18 - 00000000 __RHD C:\Users\Default2013-11-25 21:16 - 2008-02-27 13:37 - 00000000 ____D C:\Windows\Panther2013-11-19 02:21 - 2013-11-26 10:04 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 
Some content of TEMP:
====================
C:\Users\Donna Tanaka\AppData\Local\Temp\swt-win32-3333.dll
C:\Users\Donna Tanaka\AppData\Local\Temp\symlcsv1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-04 18:15

==================== End Of Log ============================
stuff2 Posted December 11, 2013 ID:763457

here is the second scan

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2013
Ran by zeeland at 2013-12-11 12:06:55
Running from C:\Users\zeeland\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player ActiveX (Version: 9.0.45.0)
Adobe Reader 8.1.0 (Version: 8.1.0)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (Version: 5.5.1126)
Enhanced Multimedia Keyboard Solution
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
Hardware Diagnostic Tools (Version: 5.1.4708.19)
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
HP Customer Experience Enhancements (Version: 5.6.0.2499)
HP Customer Feedback (Version: 1.0.0)
HP Demo (Version: 4.1.0)
HP Easy Setup - Frontend (Version: 5.6.0.2542)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Total Care Advisor (Version: 1.6.12.2542)
HP Update (Version: 5.005.000.002)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LabelPrint (Version: 2.2.2329)
LightScribe System Software 1.10.23.1 (Version: 1.10.23.1)
LightScribeTemplateLabeler (Version: 1.10.23.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 9.7.0621)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: HPCMPQ1902)
NVIDIA Drivers
Power2Go (Version: 5.6.3610)
PowerDirector (Version: 6.5.2420)
PSSWCORE (Version: 2.02.0000)
Python 2.5 (Version: 2.5.150)
Realtek High Definition Audio Driver
Snapfish Picture Mover (Version: 1.9.0.16)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
Toolwiz Care (Version: 3.1.0.5100)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VideoToolkit01 (Version: 100.0.128.000)
WeatherBug Gadget (Version: 1.0.0.6)
Yahoo! Toolbar

==================== Restore Points =========================

26-11-2013 05:25:15 Scripted restore
26-11-2013 18:04:20 Windows Update
26-11-2013 21:24:42 Toolwiz Care(3.1.0.5100)
26-11-2013 21:46:25 Windows Update
26-11-2013 21:51:10 Windows Update
26-11-2013 22:00:06 Windows Update
27-11-2013 15:30:51 Windows Update
28-11-2013 17:32:32 Windows Update
28-11-2013 17:41:50 Windows Update
29-11-2013 21:44:14 Windows Update
29-11-2013 22:57:36 Windows Update
29-11-2013 23:18:11 Windows Update
30-11-2013 02:15:41 Windows Update
30-11-2013 02:18:22 Windows Update
05-12-2013 01:52:34 Windows Update
05-12-2013 03:15:28 Windows Update

==================== Hosts content: ==========================

2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14BE614B-BFEE-4332-84E9-5577E2FF7E50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {1C4F2298-1498-4526-8383-4F6CB5437ED0} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29FBD9BE-9C1F-4EB9-8151-B9F090620079} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FE2FF18-EFF6-4249-8E42-C61ABC6F52BB} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\WINDOWS\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {5B1F54CC-7F50-4B7D-9C33-86B5E427E135} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-02-27] ()
Task: {73F25119-D79E-4FEA-9265-72C3292D2848} - System32\Tasks\IntenetServiceOffers => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\WINDOWS\System32\pla.dll [2008-01-20] (Microsoft Corporation)
Task: {C2518D44-021D-40B8-B161-22170A16F23A} - System32\Tasks\ToolwizCareFree => C:\Program Files\ToolwizCareFree\ToolwizCares.exe [2013-11-26] (Toolwiz)
Task: {C2E45A30-41F1-45B2-9C0B-CB35B473A2A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {D58921BA-0D80-4346-99BA-796CEA5807DD} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2013 00:03:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 06:11:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 06:04:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 05:50:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2013 03:28:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2013 03:27:20 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/01/2013 00:14:28 PM) (Source: WinMgmt) (User: )
Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 00:07:35 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/29/2013 06:07:59 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/29/2013 03:07:59 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (12/11/2013 00:03:15 PM) (Source: Service Control Manager) (User: )Description: Parallel port driver%%1058 Error: (12/11/2013 00:03:07 PM) (Source: Microsoft Antimalware) (User: )Description: %Trojan:DOS/Alureon.K60 has encountered a critical error when taking action on malware or other potentially unwanted software. 
For more information please see the following:%Trojan:DOS/Alureon.K603 Name: Trojan:DOS/Alureon.K ID: 2147660148 Severity: %Trojan:DOS/Alureon.K600 Category: %Trojan:DOS/Alureon.K602 Path: 4.4.0304.02 Detection Origin: 4.4.0304.04 Detection Type: 4.4.0304.08 Detection Source: %Trojan:DOS/Alureon.K608 User: {C18C25C1-0222-4014-8C0F-D028060F7894}9 Process Name: %Trojan:DOS/Alureon.K609 Action: {C18C25C1-0222-4014-8C0F-D028060F7894}1 Action Status: {C18C25C1-0222-4014-8C0F-D028060F7894}8 Error Code: {C18C25C1-0222-4014-8C0F-D028060F7894}3 Error description: {C18C25C1-0222-4014-8C0F-D028060F7894}4 Signature Version: 2013-12-11T20:02:28.122Z1 Engine Version: 2013-12-11T20:02:28.122Z2 Error: (12/11/2013 00:02:16 PM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberos Error: (12/08/2013 03:27:34 PM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberos Error: (12/04/2013 08:05:26 PM) (Source: DCOM) (User: )Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (12/04/2013 08:05:03 PM) (Source: DCOM) (User: )Description: {6295DF2D-35EE-11D1-8707-00C04FD93327} Error: (12/04/2013 07:21:49 PM) (Source: mbamchameleon) (User: )Description: PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE Error: (12/04/2013 07:21:49 PM) (Source: mbamchameleon) (User: )Description: PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE Error: (12/04/2013 07:21:49 PM) (Source: mbamchameleon) (User: )Description: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE Error: (12/04/2013 07:21:49 PM) (Source: mbamchameleon) (User: )Description: 1\PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE Microsoft Office Sessions:=========================Error: (12/11/2013 00:03:14 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/04/2013 06:11:56 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/04/2013 06:04:53 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/04/2013 05:50:28 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 03:28:17 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 03:27:20 PM) (Source: EventSystem)(User: )Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (12/01/2013 00:14:28 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 00:07:35 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/29/2013 06:07:59 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/29/2013 03:07:59 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2013-12-11 12:06:52.968 Description: Code Integrity is unable 
to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:52.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:52.832 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:52.769 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:51.589 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:51.529 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:51.465 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:51.400 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-12-11 12:06:51.341 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-11 12:06:51.281 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 34%Total physical RAM: 3453.64 MBAvailable physical RAM: 2251.72 MBTotal Pagefile: 7097.76 MBAvailable Pagefile: 5898.94 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1912.92 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:456.43 GB) (Free:407.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.33 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=2544 KB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 2Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted December 11, 2013 ID:763493

Thanks!

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:
Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

In your next reply, post the following log files:
TDSSKiller log
ComboFix log
stuff2 Posted December 17, 2013 Author ID:765611

Thank you so much for your help. I am now using a library computer. I think both computers have some problem with trojanscan not open virus, or download one or send to some bogus page. When I do get one to run it comes back from a full scan in 30 seconds or less. Even in safe mode having the same problems. I will still keep trying, it is putting a drain on me. I am sorry it looks like it will be slow going tackling this one. I do have a TDSSKiller log, I will send that one to you as soon as I can.
Maniac Posted December 18, 2013 ID:765793

Thanks for letting me know!
stuff2 Posted December 24, 2013 Author ID:768400

I did the killer TDSSKiller and the ComboFix 2 or more times; there were no logs made at all. I looked around and no logs. I even tried in safe mode, same. I even tried it on my laptop, it just crashed or froze. If nothing else I was thinking about erasing the hard drive; reformatting did not get rid of it before.
Maniac Posted December 25, 2013 ID:768812

Please download Rkill by Grinler from one of the links below and save it to your desktop.
Link 1
Link 2
On Windows XP double-click on the Rkill desktop icon to run the tool.
On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.
stuff2 Posted December 27, 2013 Author ID:769224

Hi, TDSSKiller needed to be rebooted to work, so I just did the ComboFix; neither one produced a log. I did them a couple of times, it froze, or it did reboot but Windows said it needed to shut down and it did. I do not know what to say.
Maniac Posted December 27, 2013 ID:769409

Don't run them several times. Follow my instructions. https://forums.malwarebytes.org/index.php?showtopic=137642&p=768812
stuff2 Posted December 29, 2013 Author ID:770132

ComboFix must have rebooted. I had to take care of something else; when I got back the log-in screen was on. I logged back in, waited, a box popped up and said Windows has to shut down. I left it there and just waited, not sure what I was waiting for. That was it. TDSSKiller: no log popped up; below is the report I copied and pasted. Trojan still there.

14:54:26.0179 0x125c ============================================================
14:54:26.0179 0x125c Current date / time: 2013/12/28 14:54:26.0179
14:54:26.0179 0x125c SystemInfo:
14:54:26.0179 0x125c
14:54:26.0179 0x125c OS Version: 6.0.6002 ServicePack: 2.0
14:54:26.0179 0x125c Product type: Workstation
14:54:26.0179 0x125c ComputerName: DONNATANAKA-PC
14:54:26.0179 0x125c UserName: zeeland
14:54:26.0179 0x125c Windows directory: C:\Windows
14:54:26.0179 0x125c System windows directory: C:\Windows
14:54:26.0179 0x125c Processor architecture: Intel x86
14:54:26.0180 0x125c Number of processors: 2
14:54:26.0180 0x125c Page size: 0x1000
14:54:26.0180 0x125c Boot type: Normal boot
14:54:26.0180 0x125c ============================================================
14:54:26.0306 0x125c KLMD registered as C:\Windows\system32\drivers\00753558.sys
14:54:26.0405 0x125c System UUID: {9E7FC0FF-1A65-040B-BE06-621358B97DDF}
14:54:26.0849 0x125c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:54:26.0867 0x125c ============================================================
14:54:26.0867 0x125c \Device\Harddisk0\DR0:
14:54:26.0867 0x125c MBR partitions:
14:54:26.0867 0x125c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x390DB9C0
14:54:26.0867 0x125c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x390DB9FF, BlocksNum 0x12A9242
14:54:26.0867 0x125c ============================================================
14:54:26.0899 0x125c C: <-> \Device\Harddisk0\DR0\Partition1
14:54:26.0949 0x125c D: <-> \Device\Harddisk0\DR0\Partition2
14:54:26.0949 0x125c ============================================================
14:54:26.0949 0x125c Initialize success
14:54:26.0949 0x125c ============================================================
14:54:34.0218 0x12ac ============================================================
14:54:34.0218 0x12ac Scan started
14:54:34.0218 0x12ac Mode: Manual; SigCheck; TDLFS;
14:54:34.0218 0x12ac ============================================================
14:54:34.0218 0x12ac KSN ping started
14:54:34.0267 0x12ac KSN ping finished: false
14:54:38.0278 0x12ac ================ Scan system memory ========================
14:54:38.0279 0x12ac System memory - ok
14:54:38.0279 0x12ac ================ Scan services =============================
14:54:45.0496 0x12ac HP Health Check Service - detected UnsignedFile.Multi.Generic ( 1 )
14:54:45.0623 0x12ac HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\system32\sens.dll14:54:58.0070 0x12ac SENS - ok14:54:58.0116 0x12ac [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys14:54:58.0155 0x12ac Serenum - ok14:54:58.0201 0x12ac [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys14:54:58.0244 0x12ac Serial - ok14:54:58.0288 0x12ac [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys14:54:58.0311 0x12ac sermouse - ok14:54:58.0356 0x12ac [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll14:54:58.0391 0x12ac SessionEnv - ok14:54:58.0407 0x12ac [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys14:54:58.0426 0x12ac sffdisk - ok14:54:58.0439 0x12ac [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys14:54:58.0470 0x12ac sffp_mmc - ok14:54:58.0479 0x12ac [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys14:54:58.0504 0x12ac sffp_sd - ok14:54:58.0563 0x12ac [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys14:54:58.0600 0x12ac sfloppy - ok14:54:58.0645 0x12ac [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll14:54:58.0675 0x12ac SharedAccess 
- ok14:54:58.0746 0x12ac [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll14:54:58.0763 0x12ac ShellHWDetection - ok14:54:58.0782 0x12ac [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys14:54:58.0790 0x12ac sisagp - ok14:54:58.0817 0x12ac [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys14:54:58.0824 0x12ac SiSRaid2 - ok14:54:58.0834 0x12ac [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys14:54:58.0843 0x12ac SiSRaid4 - ok14:54:59.0185 0x12ac [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe14:54:59.0325 0x12ac slsvc - ok14:54:59.0394 0x12ac [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll14:54:59.0428 0x12ac SLUINotify - ok14:54:59.0489 0x12ac [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys14:54:59.0506 0x12ac Smb - ok14:54:59.0575 0x12ac [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe14:54:59.0586 0x12ac SNMPTRAP - ok14:54:59.0608 0x12ac [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys14:54:59.0615 0x12ac spldr - ok14:54:59.0673 0x12ac [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe14:54:59.0687 0x12ac 
Spooler - ok14:54:59.0758 0x12ac [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys14:54:59.0776 0x12ac srv - ok14:54:59.0836 0x12ac [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys14:54:59.0884 0x12ac srv2 - ok14:54:59.0915 0x12ac [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys14:54:59.0981 0x12ac srvnet - ok14:55:00.0001 0x12ac [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll14:55:00.0031 0x12ac SSDPSRV - ok14:55:00.0057 0x12ac [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll14:55:00.0072 0x12ac SstpSvc - ok14:55:00.0131 0x12ac [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll14:55:00.0167 0x12ac stisvc - ok14:55:00.0185 0x12ac [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys14:55:00.0193 0x12ac swenum - ok14:55:00.0244 0x12ac [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll14:55:00.0279 0x12ac swprv - ok14:55:00.0296 0x12ac [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys14:55:00.0302 0x12ac Symc8xx - ok14:55:00.0350 0x12ac [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys14:55:00.0357 0x12ac Sym_hi - ok14:55:00.0374 
0x12ac [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys14:55:00.0381 0x12ac Sym_u3 - ok14:55:00.0495 0x12ac [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll14:55:00.0559 0x12ac SysMain - ok14:55:00.0602 0x12ac [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll14:55:00.0616 0x12ac TabletInputService - ok14:55:00.0701 0x12ac [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll14:55:00.0726 0x12ac TapiSrv - ok14:55:00.0747 0x12ac [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll14:55:00.0788 0x12ac TBS - ok14:55:00.0865 0x12ac [ 6A10AFCE0B38371064BE41C1FBFD3C6B, 20FDB47DCF54B857B09C2753B49737F5B2D2D9ED7942C4DB0BFDEDC7811D02E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys14:55:00.0927 0x12ac Tcpip - ok14:55:00.0961 0x12ac [ 6A10AFCE0B38371064BE41C1FBFD3C6B, 20FDB47DCF54B857B09C2753B49737F5B2D2D9ED7942C4DB0BFDEDC7811D02E1 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys14:55:00.0997 0x12ac Tcpip6 - ok14:55:01.0041 0x12ac [ 9BF343F4C878D6AD6922B2C5A4FEFE0D, D3A8E2BC16A998D28228E7931624AF52C991E1D7959B8679F0867BA8241935D4 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys14:55:01.0068 0x12ac tcpipreg - ok14:55:01.0082 0x12ac [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys14:55:01.0105 0x12ac TDPIPE - ok14:55:01.0136 0x12ac [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys14:55:01.0162 0x12ac TDTCP - 
ok14:55:01.0206 0x12ac [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys14:55:01.0230 0x12ac tdx - ok14:55:01.0275 0x12ac [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys14:55:01.0285 0x12ac TermDD - ok14:55:01.0331 0x12ac [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll14:55:01.0366 0x12ac TermService - ok14:55:01.0400 0x12ac [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll14:55:01.0418 0x12ac Themes - ok14:55:01.0433 0x12ac [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll14:55:01.0457 0x12ac THREADORDER - ok14:55:01.0543 0x12ac [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll14:55:01.0588 0x12ac TrkWks - ok14:55:01.0655 0x12ac [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe14:55:01.0671 0x12ac TrustedInstaller - ok14:55:01.0715 0x12ac [ DCF0F056A2E4F52287264F5AB29CF206, D9F770BD65AE4320A8C130DEA1D093AA4E37FCA573BBE6A59D6D045452EA711D ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys14:55:01.0737 0x12ac tssecsrv - ok14:55:01.0754 0x12ac [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys14:55:01.0766 0x12ac tunmp - ok14:55:01.0809 0x12ac [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys14:55:01.0819 
0x12ac tunnel - ok14:55:01.0850 0x12ac [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys14:55:01.0858 0x12ac uagp35 - ok14:55:01.0998 0x12ac [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys14:55:02.0019 0x12ac udfs - ok14:55:02.0050 0x12ac [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe14:55:02.0083 0x12ac UI0Detect - ok14:55:02.0102 0x12ac [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys14:55:02.0112 0x12ac uliagpkx - ok14:55:02.0134 0x12ac [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys14:55:02.0149 0x12ac uliahci - ok14:55:02.0164 0x12ac [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys14:55:02.0173 0x12ac UlSata - ok14:55:02.0188 0x12ac [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys14:55:02.0198 0x12ac ulsata2 - ok14:55:02.0210 0x12ac [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys14:55:02.0233 0x12ac umbus - ok14:55:02.0256 0x12ac [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll14:55:02.0284 0x12ac upnphost - ok14:55:02.0297 0x12ac [ 8BD3AE150D97BA4E633C6C5C51B41AE1, 6B529901B0311197CB67B9D9A2DED7D79B820F66E75BEF0FA912EFE50F941217 ] usbccgp 
C:\Windows\system32\drivers\usbccgp.sys14:55:02.0336 0x12ac usbccgp - ok14:55:02.0364 0x12ac [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys14:55:02.0402 0x12ac usbcir - ok14:55:02.0434 0x12ac [ 79E96C23A97CE7B8F14D310DA2DB0C9B, EB441D3B93965CD927E0C181031AD1082F59F9885BF35CABFDCA08C6C76B0DAF ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys14:55:02.0450 0x12ac usbehci - ok14:55:02.0558 0x12ac [ 4673BBCB006AF60E7ABDDBE7A130BA42, 0B7DED0D887A3530AA5497FDBCB69389486FB9E2B6FAE3163E33713256D575BA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys14:55:02.0579 0x12ac usbhub - ok14:55:02.0623 0x12ac [ CE697FEE0D479290D89BEC80DFE793B7, D10F6BAD0467672CCE4F97C7F2E13437CE89AC754C895EAE05F0726B6DC617B1 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys14:55:02.0654 0x12ac usbohci - ok14:55:02.0684 0x12ac [ B51E52ACF758BE00EF3A58EA452FE360, 79E629EC5DE8AB7F31B0EE9AE94C71E8F703FED5C09A816228726974F7790C85 ] usbprint C:\Windows\system32\drivers\usbprint.sys14:55:02.0728 0x12ac usbprint - ok14:55:02.0741 0x12ac [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS14:55:02.0758 0x12ac USBSTOR - ok14:55:02.0785 0x12ac [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys14:55:02.0801 0x12ac usbuhci - ok14:55:02.0848 0x12ac [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll14:55:02.0865 0x12ac UxSms - ok14:55:02.0959 0x12ac [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe14:55:03.0023 0x12ac vds - ok14:55:03.0048 0x12ac [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga 
C:\Windows\system32\DRIVERS\vgapnp.sys14:55:03.0070 0x12ac vga - ok14:55:03.0107 0x12ac [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys14:55:03.0129 0x12ac VgaSave - ok14:55:03.0173 0x12ac [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys14:55:03.0181 0x12ac viaagp - ok14:55:03.0232 0x12ac [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys14:55:03.0255 0x12ac ViaC7 - ok14:55:03.0292 0x12ac [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys14:55:03.0299 0x12ac viaide - ok14:55:03.0312 0x12ac [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys14:55:03.0320 0x12ac volmgr - ok14:55:03.0471 0x12ac [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys14:55:03.0523 0x12ac volmgrx - ok14:55:03.0554 0x12ac [ 147281C01FCB1DF9252DE2A10D5E7093, DF5DCF6FD472F21863DC10B62F7647420B9686607857D08286B618D585E50219 ] volsnap C:\Windows\system32\drivers\volsnap.sys14:55:03.0647 0x12ac volsnap - ok14:55:03.0681 0x12ac [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys14:55:03.0693 0x12ac vsmraid - ok14:55:03.0870 0x12ac [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe14:55:03.0936 0x12ac VSS - ok14:55:03.0976 0x12ac [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time 
C:\Windows\system32\w32time.dll14:55:04.0008 0x12ac W32Time - ok14:55:04.0079 0x12ac [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys14:55:04.0127 0x12ac WacomPen - ok14:55:04.0148 0x12ac [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys14:55:04.0170 0x12ac Wanarp - ok14:55:04.0190 0x12ac [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys14:55:04.0212 0x12ac Wanarpv6 - ok14:55:04.0304 0x12ac [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll14:55:04.0332 0x12ac wcncsvc - ok14:55:04.0381 0x12ac [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll14:55:04.0399 0x12ac WcsPlugInService - ok14:55:04.0413 0x12ac [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys14:55:04.0422 0x12ac Wd - ok14:55:04.0447 0x12ac [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96, 6A6EFFDB538DE1E201058A00F3E056F1256E92EED943FBFBCE28E54BE751E33D ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys14:55:04.0480 0x12ac Wdf01000 - ok14:55:04.0501 0x12ac [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll14:55:04.0526 0x12ac WdiServiceHost - ok14:55:04.0532 0x12ac [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll14:55:04.0556 0x12ac WdiSystemHost - ok14:55:04.0691 0x12ac [ 04C37D8107320312FBAE09926103D5E2, 
1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll14:55:04.0751 0x12ac WebClient - ok14:55:04.0797 0x12ac [ 905214925A88311FCE52F66153DE7610, 5D18C6E835A2EA4108C93D9E6AA976142119860C8FC8ECB2DFA961A241B6E61C ] Wecsvc C:\Windows\system32\wecsvc.dll14:55:04.0863 0x12ac Wecsvc - ok14:55:04.0880 0x12ac [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll14:55:04.0909 0x12ac wercplsupport - ok14:55:04.0965 0x12ac [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll14:55:04.0996 0x12ac WerSvc - ok14:55:05.0164 0x12ac [ 72CC6A8CA7891031D6380DB5025C773C, 33D5021C3A2FE8E9F6E2C22F4777E1D82A6B3998EB857B618A3C8838D3C8B03E ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys14:55:05.0216 0x12ac winachsf - ok14:55:05.0264 0x12ac [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll14:55:05.0281 0x12ac WinDefend - ok14:55:05.0291 0x12ac WinHttpAutoProxySvc - ok14:55:05.0352 0x12ac [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll14:55:05.0394 0x12ac Winmgmt - ok14:55:05.0465 0x12ac [ 01874D4689C212460FBABF0ECD7CB7F7, 8FC46BAD704A1E057DC4A8DC7374AAB93A96CC4A46E06FF9C2E06A6D62820469 ] WinRM C:\Windows\system32\WsmSvc.dll14:55:05.0539 0x12ac WinRM - ok14:55:05.0671 0x12ac [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll14:55:05.0712 0x12ac Wlansvc - ok14:55:05.0753 0x12ac [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys14:55:05.0792 0x12ac WmiAcpi - 
ok14:55:05.0834 0x12ac [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe14:55:05.0880 0x12ac wmiApSrv - ok14:55:06.0043 0x12ac [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe14:55:06.0126 0x12ac WMPNetworkSvc - ok14:55:06.0156 0x12ac [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll14:55:06.0194 0x12ac WPCSvc - ok14:55:06.0251 0x12ac [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll14:55:06.0284 0x12ac WPDBusEnum - ok14:55:06.0303 0x12ac [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys14:55:06.0332 0x12ac ws2ifsl - ok14:55:06.0434 0x12ac [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll14:55:06.0474 0x12ac wscsvc - ok14:55:06.0480 0x12ac WSearch - ok14:55:06.0774 0x12ac [ 01E1499A7A4FCA7CDE102B60976544C1, E0DFC8F229A3B9235658DC47237715E41FC71DC6F7C0EBB4FF0C632FCA89FB91 ] wuauserv C:\Windows\system32\wuaueng.dll14:55:06.0886 0x12ac wuauserv - ok14:55:06.0910 0x12ac [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys14:55:06.0933 0x12ac WUDFRd - ok14:55:06.0979 0x12ac [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll14:55:07.0010 0x12ac wudfsvc - ok14:55:07.0032 0x12ac [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio 
14:55:07.0973 0x12ac AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x60000 ( disabled : updated )
14:55:07.0979 0x12ac Win FW state via NFP2: enabled
14:55:07.0980 0x12ac ============================================================
14:55:07.0980 0x12ac Scan finished
14:55:07.0980 0x12ac ============================================================
14:55:07.0995 0x12a4 Detected object count: 1
14:55:07.0995 0x12a4 Actual detected object count: 1
14:55:20.0285 0x12a4 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:55:20.0285 0x12a4 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
Maniac Posted December 29, 2013 ID:770341

Please manually delete FRST, download a new fresh copy and then generate a new fresh log file. Post it in your next reply here.
stuff2 Posted December 30, 2013 Author ID:770491

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013 01
Ran by zeeland (administrator) on DONNATANAKA-PC on 29-12-2013 18:30:41
Running from C:\Users\zeeland\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
(Toolwiz) C:\Program Files\ToolwizCareFree\ToolwizCares.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Toolwiz.com) C:\Program Files\ToolwizCareFree\ToolwizTools.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\WINDOWS\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] - C:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] - C:\hp\KBD\KbdStub.exe [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKCU\...\Run: [ToolwizCareFree] - C:\Program Files\ToolwizCareFree\ToolwizCares.exe [5286160 2013-11-26] (Toolwiz)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Donna Tanaka\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Donna Tanaka\...\Run: [HPAdvisor] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
stuff2 Posted December 30, 2013 Author ID:770494

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013 01
Ran by zeeland (administrator) on DONNATANAKA-PC on 29-12-2013 18:37:34
Running from C:\Users\zeeland\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
(Toolwiz) C:\Program Files\ToolwizCareFree\ToolwizCares.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Toolwiz.com) C:\Program Files\ToolwizCareFree\ToolwizTools.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\System32\mcbuilder.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\WINDOWS\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] - C:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] - C:\hp\KBD\KbdStub.exe [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKCU\...\Run: [ToolwizCareFree] - C:\Program Files\ToolwizCareFree\ToolwizCares.exe [5286160 2013-11-26] (Toolwiz)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Donna Tanaka\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Donna Tanaka\...\Run: [HPAdvisor] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-01-18] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {3A3F7E4B-FA3B-4DDF-9929-8994B6A30D65} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {3A3F7E4B-FA3B-4DDF-9929-8994B6A30D65} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {508A4A7F-C702-4AE4-B67F-0343CD614D48} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={A0D24AFC-3F5F-4975-8497-97DD9311F974}&mid=26c3c34aa62147d2b594d157ca21f3b8-cef38b5d3d50a79db66d7f07723e5e77d74d4ff3&lang=en&ds=st011&pr=sa&d=2013-12-28 16:48:38&v=14.0.0.12&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={A0D24AFC-3F5F-4975-8497-97DD9311F974}&mid=26c3c34aa62147d2b594d157ca21f3b8-cef38b5d3d50a79db66d7f07723e5e77d74d4ff3&lang=en&ds=st011&pr=sa&d=2013-12-28 16:48:38&v=14.0.0.12&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Bitdefender QuickScan) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0
CHR Extension: (Gmail) - C:\Users\zeeland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\14.0.0.12\avg.crx

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [945480 2013-12-28] ()

==================== Drivers (Whitelisted) ====================

R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [27648 2013-11-26] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [45952 2013-11-26] (Toolwiz.com)
R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [48640 2013-11-26] (Toolwiz.com)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S0 22475791; system32\drivers\19334667.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\zeeland\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MFE_RR; \??\C:\Users\zeeland\AppData\Local\Temp\mfe_rr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-29 18:33 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-29 18:33 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-29 18:33 - 2012-06-02 14:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-29 18:33 - 2012-06-02 14:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-29 18:33 - 2012-06-02 14:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-12-29 18:33 - 2012-06-02 14:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-29 18:28 - 2013-12-29 18:28 - 01064199 _____ (Farbar) C:\Users\zeeland\Desktop\FRST.exe
2013-12-29 18:26 - 2013-12-29 18:27 - 00112023 _____ C:\Users\zeeland\Downloads\FRST.txt
2013-12-29 18:05 - 2013-12-29 18:06 - 00002286 _____ C:\Windows\IE9_main.log
2013-12-28 19:28 - 2013-12-28 19:29 - 79388215 _____ C:\Users\zeeland\Downloads\create-book.zip
2013-12-28 19:28 - 2013-12-28 19:28 - 11326541 _____ C:\Users\zeeland\Downloads\install-mac.zip
2013-12-28 19:28 - 2013-12-28 19:28 - 02431989 _____ C:\Users\zeeland\Desktop\add-account.zip
2013-12-28 19:20 - 2013-12-28 19:20 - 00436558 _____ C:\Users\zeeland\Downloads\TheKindleProfitSystem.zip
2013-12-28 19:20 - 2013-10-29 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-28 19:20 - 2013-07-31 19:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-28 19:20 - 2013-07-31 18:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-28 19:20 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-12-28 19:20 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-28 19:20 - 2012-05-11 07:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-28 19:20 - 2011-10-14 08:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-12-28 19:20 - 2011-10-14 08:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2013-12-28 19:20 - 2011-07-29 08:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-12-28 19:20 - 2011-07-29 08:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-12-28 19:20 - 2011-07-29 08:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2013-12-28 19:20 - 2011-07-29 08:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2013-12-28 19:19 - 2013-07-20 02:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-28 19:12 - 2013-10-29 18:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-28 19:12 - 2013-10-29 17:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-28 19:12 - 2013-10-29 16:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-28 19:12 - 2013-10-23 18:17 - 06119424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 03626496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-28 19:12 - 2013-10-23 18:17 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-28 19:12 - 2013-10-23 18:16 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-12-28 19:12 - 2013-10-23 16:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-28 19:12 - 2013-10-23 16:44 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-28 19:12 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-28 19:12 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-28 19:12 - 2013-07-04 19:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-28 19:12 - 2013-07-04 17:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-12-28 19:12 - 2012-11-02 02:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-28 19:12 - 2012-11-02 00:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-12-28 19:12 - 2012-09-25 08:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-28 19:12 - 2012-08-21 03:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-12-28 19:12 - 2012-06-29 08:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-28 19:12 - 2012-06-08 09:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-28 19:12 - 2012-03-20 15:28 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-12-28 19:12 - 2011-11-18 09:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-12-28 19:12 - 2011-10-14 08:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-12-28 19:11 - 2013-10-21 23:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-28 19:11 - 2013-10-10 18:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-28 19:11 - 2013-10-10 18:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-28 19:11 - 2013-10-10 18:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-28 19:11 - 2013-10-10 18:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-28 19:11 - 2013-10-10 18:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-28 19:11 - 2013-10-10 16:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-12-28 19:11 - 2013-10-10 16:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-28 19:11 - 2013-10-10 16:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-28 19:11 - 2013-10-03 04:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-28 19:11 - 2013-10-03 04:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-28 19:11 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-28 19:11 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-12-28 19:11 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-28 19:11 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-12-28 19:11 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-28 19:11 - 2013-06-28 18:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-28 19:11 - 2013-06-28 18:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-28 19:11 - 2013-06-28 18:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-28 19:11 - 2013-06-26 15:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-28 19:11 - 2013-06-26 15:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-28 19:11 - 2013-06-26 15:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-28 19:11 - 2013-06-03 20:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-28 19:11 - 2013-06-03 17:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-28 19:11 - 2013-05-31 20:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-28 19:11 - 2013-05-01 20:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-28 19:11 - 2013-05-01 20:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-12-28 19:11 - 2013-04-23 20:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-28 19:11 - 2013-04-23 17:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-28 19:11 - 2013-03-08 19:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-28 19:11 - 2013-03-08 17:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-28 19:11 - 2013-03-03 11:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-28 19:11 - 2012-11-19 20:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-28 19:11 - 2012-11-07 19:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-12-28 19:11 - 2012-11-02 02:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-28 19:11 - 2012-09-28 08:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-28 19:11 - 2012-02-29 07:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-12-28 19:11 - 2012-02-29 05:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-12-28 19:11 - 2011-12-14 08:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-12-28 19:11 - 2011-11-16 08:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-12-28 19:11 - 2011-10-25 07:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-12-28 19:11 - 2011-08-25 08:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-12-28 19:11 - 2011-08-25 08:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-28 19:11 - 2011-08-25 08:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-12-28 19:11 - 2011-08-25 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2013-12-28 19:11 - 2011-05-05 05:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-28 19:11 - 2011-05-05 05:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-28 19:10 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-28 19:10 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-28 19:10 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-28 19:10 - 2013-07-03 20:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-28 19:10 - 2013-03-07 19:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-28 19:10 - 2013-03-07 19:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-28 19:10 - 2013-02-11 17:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-28 19:10 - 2012-06-05 08:47 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-12-28 19:10 - 2012-06-04 07:26 - 00440704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-28 19:10 - 2012-06-01 16:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-28 19:10 - 2012-05-01 06:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-12-28 19:10 - 2011-11-16 08:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-28 19:10 - 2011-11-16 08:21 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-28 19:10 - 2011-11-16 06:12 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-28 19:05 - 2012-01-09 07:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2013-12-28 17:17 - 2013-12-28 17:17 - 00000000 ____D C:\Users\zeeland\Documents\Ashampoo Burning Studio FREE
2013-12-28 16:56 - 2013-12-28 16:56 - 00000844 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\Users\zeeland\Ashampoo Burning Studio FREE
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Ashampoo
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\Users\zeeland\AppData\Local\ashampoo
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\ProgramData\Ashampoo
2013-12-28 16:52 - 2013-12-28 16:52 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\PowerISO
2013-12-28 16:50 - 2013-12-28 16:50 - 30465288 _____ (Ashampoo GmbH & Co. KG ) C:\Users\zeeland\Downloads\ashampoo_burning_studio_free_1.12.0_sm.exe
2013-12-28 16:48 - 2013-12-28 16:48 - 00031576 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-12-28 16:48 - 2013-12-28 16:48 - 00000806 _____ C:\Users\Public\Desktop\PowerISO.lnk
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Users\zeeland\AppData\Local\AVG SafeGuard toolbar
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Program Files\PowerISO
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-12-28 16:30 - 2013-12-28 16:30 - 00008224 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-12-28 14:59 - 2013-12-28 15:01 - 00000000 ___SD C:\ComboFix
2013-12-28 14:58 - 2013-12-28 14:58 - 00082513 _____ C:\Users\zeeland\Desktop\12 .28 tdds.txt
2013-12-28 14:46 - 2013-12-28 14:46 - 00000000 ____D C:\Windows\system32\vi-VN
2013-12-28 14:46 - 2013-12-28 14:46 - 00000000 ____D C:\Windows\system32\eu-ES
2013-12-28 14:46 - 2013-12-28 14:46 - 00000000 ____D C:\Windows\system32\ca-ES
2013-12-28 14:21 - 2013-12-28 14:21 - 00000000 ____D C:\Windows\system32\EventProviders
2013-12-25 19:27 - 2013-12-25 19:27 - 00071451 _____ C:\Users\zeeland\Desktop\FRST 25.txt
2013-12-25 19:18 - 2013-12-25 19:18 - 00860176 _____ (Microsoft Corporation) C:\Users\zeeland\Desktop\mssstool32 (1).exe
2013-12-25 19:13 - 2013-12-25 19:13 - 11125072 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mseinstall (1).exe
2013-12-25 19:12 - 2013-12-25 19:13 - 92215576 _____ (Microsoft Corporation) C:\Users\zeeland\Desktop\msert.exe
2013-12-25 18:18 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-25 18:18 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-25 18:18 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-25 18:18 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-25 18:18 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-25 18:18 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-25 18:18 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-25 18:18 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-25 17:08 - 2013-12-25 17:08 - 05158070 ____R (Swearware) C:\Users\zeeland\Downloads\ComboFix.exe
2013-12-25 17:08 - 2013-12-25 17:08 - 00000855 _____ C:\Users\zeeland\Desktop\ComboFix - Shortcut.lnk
2013-12-25 16:16 - 2013-12-28 14:54 - 00002198 _____ C:\Users\zeeland\Desktop\Rkill.txt
2013-12-25 16:10 - 2013-12-25 16:10 - 00000855 _____ C:\Users\zeeland\Desktop\iExplore - Shortcut.lnk
2013-12-25 16:00 - 2013-12-25 16:00 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\zeeland\Downloads\iExplore.exe
2013-12-25 16:00 - 2013-12-25 16:00 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\zeeland\Desktop\rkill.exe
2013-12-23 10:15 - 2013-12-23 10:15 - 04101441 _____ C:\Users\zeeland\Downloads\tdsskiller.zip
2013-12-23 10:08 - 2013-12-28 19:04 - 00000000 ____D C:\Windows\Minidump
2013-12-23 09:40 - 2013-12-23 10:15 - 00000000 ____D C:\Users\zeeland\Desktop\hp
2013-12-23 09:40 - 2013-12-19 13:29 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\zeeland\Desktop\tdsskiller.exe
2013-12-23 09:38 - 2013-12-23 09:39 - 00000000 ____D C:\Qoobox
2013-12-23 09:37 - 2013-12-23 09:37 - 00000000 ____D C:\Windows\erdnt
2013-12-22 11:15 - 2013-12-22 11:15 - 49940480 _____ C:\Program Files\GUT6049.tmp
2013-12-22 11:15 - 2013-12-22 11:15 - 00000000 ____D C:\Program Files\GUM6019.tmp
2013-12-16 18:23 - 2013-12-16 18:23 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\zeeland\Downloads\tdsskiller (1).exe
2013-12-11 12:06 - 2013-12-29 18:37 - 00011179 _____ C:\Users\zeeland\Desktop\FRST.txt
2013-12-11 12:06 - 2013-12-11 12:07 - 00017087 _____ C:\Users\zeeland\Desktop\Addition.txt
2013-12-11 12:06 - 2013-12-11 12:06 - 00000000 ____D C:\FRST
2013-12-04 19:06 - 2013-12-23 10:18 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-04 19:06 - 2013-12-23 10:18 - 00000000 ____D C:\Users\zeeland\Desktop\mbar
2013-12-04 19:06 - 2013-12-23 09:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Downloads\mbar-1.07.0.1007 (1).exe
2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Desktop\16m7bar.exe
2013-12-04 19:03 - 2013-12-04 19:03 - 00000000 ____D C:\Users\zeeland\Desktop\help
2013-12-04 18:16 - 2013-12-04 18:16 - 00000908 _____ C:\Users\Public\Desktop\may.lnk
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Malwarebytes
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-04 18:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-04 18:15 - 2013-12-04 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\zeeland\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-04 18:08 - 2013-12-04 18:08 - 00001917 _____ C:\Users\zeeland\Desktop\aswMBR.txt
2013-12-04 18:04 - 2013-12-04 18:04 - 00000104 _____ C:\Users\zeeland\Documents\Recycle Bin - Shortcut.lnk
2013-12-01 15:29 - 2013-12-01 15:29 - 00002384 _____ C:\Users\zeeland\Desktop\attach.txt
2013-12-01 15:29 - 2013-12-01 15:28 - 00010298 _____ C:\Users\zeeland\Desktop\dds.txt
2013-12-01 15:28 - 2013-12-01 15:28 - 00081276 _____ C:\Users\zeeland\Downloads\2.xps
2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 ____R (Swearware) C:\Users\zeeland\Desktop\dds.com
2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 _____ (Swearware) C:\Users\zeeland\Downloads\dds.scr
2013-12-01 12:40 - 2009-04-10 22:33 - 00986600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-12-01 12:40 - 2009-04-10 22:33 - 00926184 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-12-01 12:40 - 2009-04-10 22:33 - 00614376 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-12-01 12:40 - 2009-04-10 22:32 - 00438744 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2013-12-01 12:40 - 2009-04-10 22:28 - 03174400 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 02167808 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 02134528 _____ (Microsoft Corporation) C:\Windows\system32\FunctionDiscoveryFolder.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01985024 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01856512 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01788416 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\apds.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01589248 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01576960 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01524736 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01480704 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01459200 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01324032 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01086464 _____ (Microsoft Corporation) C:\Windows\system32\NetProjW.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01081344 _____ (Microsoft Corporation) C:\Windows\system32\SLCExt.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01078784 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01055232 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-12-01 12:40 - 2009-04-10 22:28 - 01053696 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 01017856 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00968192 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz2.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00928768 _____ (Microsoft Corporation) C:\Windows\system32\scavenge.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-01 12:40 - 2009-04-10 22:28 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2013-12-01 12:40
- 2009-04-10 22:28 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2013-12-01 12:40 - 2009-04-10 22:28 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00670720 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL2013-12-01 12:40 - 2009-04-10 22:28 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\SLCommDlg.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00550400 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00483328 _____ (Microsoft 
Corporation) C:\Windows\system32\samsrv.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00476672 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00469504 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00454144 _____ (Microsoft) C:\Windows\system32\IasMigPlugin.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\msvcp60.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe2013-12-01 12:40 - 2009-04-10 22:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\devmgr.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\SLUI.exe2013-12-01 12:40 - 2009-04-10 22:28 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll2013-12-01 12:40 
- 2009-04-10 22:28 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL2013-12-01 12:40 - 2009-04-10 22:28 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL2013-12-01 12:40 - 2009-04-10 22:28 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\WscEapPr.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe2013-12-01 12:40 - 2009-04-10 22:28 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\es.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00228352 _____ (Microsoft 
Corporation) C:\Windows\system32\SLC.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\adsldpc.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\sperror.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\WcnNetsh.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe2013-12-01 12:40 - 2009-04-10 22:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\spoolss.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00117248 _____ C:\Windows\system32\EhStorAuthn.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayDriverLib.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\EhStorShell.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00112640 _____ (Microsoft Corporation) 
C:\Windows\system32\spreview.exe2013-12-01 12:40 - 2009-04-10 22:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\msctfp.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\slwmi.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingProxy.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\EhStorPwdMgr.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll2013-12-01 12:40 - 2009-04-10 22:28 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\fdBthProxy.dll2013-12-01 12:40 - 2009-04-10 22:27 - 03408896 _____ (Microsoft Corporation) C:\Windows\system32\SLsvc.exe2013-12-01 12:40 - 2009-04-10 22:27 - 02926592 _____ (Microsoft Corporation) C:\Windows\explorer.exe2013-12-01 12:40 - 2009-04-10 22:27 - 02092544 _____ (Microsoft Corporation) C:\Windows\system32\dfsr.exe2013-12-01 12:40 - 2009-04-10 22:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00710144 _____ (Microsoft Corporation) 
C:\Windows\system32\Magnify.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl2013-12-01 12:40 - 2009-04-10 22:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00518144 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\IasMigReader.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingWizard.exe2013-12-01 12:40 - 2009-04-10 22:27 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\compcln.exe2013-12-01 12:40 - 2009-04-10 22:22 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME2013-12-01 12:40 - 2009-04-10 21:03 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll Link to post Share on 
other sites More sharing options...
stuff2 Posted December 30, 2013 Author ID:770495
22:28 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\powrprof.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL2013-12-01 12:39 - 2009-04-10 22:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\msctfui.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mstlsapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00083456 _____ (Microsoft) C:\Windows\system32\SMBHelperClass.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\wlgpclnt.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\iassvcs.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00070656 _____ (Microsoft 
Corporation) C:\Windows\system32\iashlpr.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\PNPXAssoc.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\mpr.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\SLUINotify.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Storprop.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\feclient.dll2013-12-01 
12:39 - 2009-04-10 22:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\mmci.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\l2nacp.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\bthci.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\slcinst.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\networkitemfactory.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00038400 _____ 
(Microsoft Corporation) C:\Windows\system32\TSTheme.exe2013-12-01 12:39 - 2009-04-10 22:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\perfdisk.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\bitsigd.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\whealogr.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\msimtf.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\ifmon.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\uxsms.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\hidserv.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00024064 _____ (Microsoft Corporation) 
C:\Windows\system32\fdProxy.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\version.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\winrnr.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\NcdProp.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\MsCtfMonitor.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wscisvif.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\vdmdbg.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\midimap.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\spcmsg.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mmcico.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\spwinsat.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll2013-12-01 12:39 - 2009-04-10 22:28 - 00010752 _____ (Microsoft Corporation) 
C:\Windows\system32\CHxReadingStringIME.dll2013-12-01 12:39 - 2009-04-10 22:27 - 01827840 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-12-01 12:39 - 2009-04-10 22:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl2013-12-01 12:39 - 2009-04-10 22:27 - 01122304 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl2013-12-01 12:39 - 2009-04-10 22:27 - 01102848 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl2013-12-01 12:39 - 2009-04-10 22:27 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl2013-12-01 12:39 - 2009-04-10 22:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr2013-12-01 12:39 - 2009-04-10 22:27 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\dpapimig.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx2013-12-01 12:39 - 2009-04-10 22:27 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp2013-12-01 12:39 - 2009-04-10 22:27 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv2013-12-01 12:39 - 2009-04-10 22:27 - 00241128 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll2013-12-01 12:39 - 2009-04-10 22:27 - 00230912 _____ (Microsoft Corporation) 
C:\Windows\system32\diskraid.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\certreq.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv2013-12-01 12:39 - 2009-04-10 22:27 - 00130024 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll2013-12-01 12:39 - 2009-04-10 22:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax2013-12-01 12:39 - 2009-04-10 22:27 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax2013-12-01 12:39 - 2009-04-10 22:27 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\hdwwiz.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\newdev.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\conime.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\reg.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe2013-12-01 12:39 - 2009-04-10 22:27 - 
00058368 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\cipher.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\cmmon32.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\csrstub.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cbsra.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\rekeywiz.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\bthudtask.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\PnPutil.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ipconfig.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEject.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv2013-12-01 12:39 - 2009-04-10 22:27 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\fc.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\rasdial.exe2013-12-01 12:39 - 2009-04-10 22:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\gpupdate.exe2013-12-01 12:39 - 2009-04-10 22:23 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime2013-12-01 12:39 - 2009-04-10 22:23 - 00124928 _____ (Microsoft Corporation) 
C:\Windows\system32\quick.ime2013-12-01 12:39 - 2009-04-10 22:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime2013-12-01 12:39 - 2009-04-10 22:23 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime2013-12-01 12:39 - 2009-04-10 22:23 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime2013-12-01 12:39 - 2009-04-10 22:22 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime2013-12-01 12:39 - 2009-04-10 22:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime2013-12-01 12:39 - 2009-04-10 22:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime2013-12-01 12:39 - 2009-04-10 22:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll2013-12-01 12:39 - 2009-04-10 21:42 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys2013-12-01 12:39 - 2009-04-10 20:46 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys2013-12-01 12:39 - 2009-04-10 20:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys2013-12-01 12:39 - 2009-04-10 20:46 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys2013-12-01 12:39 - 2009-04-10 20:46 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys2013-12-01 12:39 - 2009-04-10 20:45 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys2013-12-01 12:39 - 2009-04-10 20:45 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys2013-12-01 12:39 - 2009-04-10 20:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2013-12-01 12:39 - 2009-04-10 20:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys2013-12-01 12:39 - 2009-04-10 20:45 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys2013-12-01 12:39 - 2009-04-10 20:43 - 00148480 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\nwifi.sys2013-12-01 12:39 - 2009-04-10 20:43 - 00062208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys2013-12-01 12:39 - 2009-04-10 20:42 - 00052992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys2013-12-01 12:39 - 2009-04-10 20:42 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys2013-12-01 12:39 - 2009-04-10 20:42 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys2013-12-01 12:39 - 2009-04-10 20:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys2013-12-01 12:39 - 2009-04-10 20:39 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys2013-12-01 12:39 - 2009-04-10 20:39 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\iscsilog.dll2013-12-01 12:39 - 2009-04-10 20:38 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys2013-12-01 12:39 - 2009-04-10 20:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll2013-12-01 12:39 - 2009-04-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys2013-12-01 12:39 - 2009-04-10 20:22 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys2013-12-01 12:39 - 2009-04-10 20:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys2013-12-01 12:39 - 2009-04-10 20:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys2013-12-01 12:39 - 2009-04-10 20:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys2013-12-01 12:39 - 2009-04-10 20:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys2013-12-01 12:39 - 2009-04-10 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2013-12-01 12:39 - 2009-04-10 17:59 - 00018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin2013-12-01 12:39 - 
2009-03-29 20:42 - 00155456 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2013-12-01 12:39 - 2009-03-29 20:42 - 00080720 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2013-12-01 12:39 - 2009-02-19 16:20 - 00009212 _____ C:\Windows\system32\RacUR.xml2013-12-01 12:39 - 2009-02-18 10:43 - 00000153 _____ C:\Windows\system32\RacUREx.xml2013-12-01 12:39 - 2009-02-18 10:39 - 00092918 _____ C:\Windows\system32\slmgr.vbs2013-12-01 12:39 - 2009-02-18 10:39 - 00035680 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe2013-12-01 12:39 - 2009-02-18 10:38 - 00035168 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl2013-12-01 12:39 - 2009-02-18 10:38 - 00009048 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll2013-12-01 12:38 - 2009-04-10 22:28 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll2013-12-01 12:38 - 2009-04-10 22:28 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll2013-12-01 12:38 - 2009-04-10 22:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wdscore.dll2013-12-01 12:38 - 2009-04-10 22:27 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe2013-12-01 12:32 - 2013-12-01 12:32 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131201_123229.log2013-12-01 12:13 - 2013-12-01 12:13 - 00072192 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT2013-12-01 12:13 - 2013-12-01 12:13 - 00000951 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-12-01 12:13 - 2013-12-01 12:13 - 00000946 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2013-12-01 12:13 - 2013-12-01 12:13 - 00000917 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk2013-12-01 12:13 - 2013-12-01 12:13 - 00000020 ___SH C:\Users\Guest\ntuser.ini2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D 
C:\Users\Guest\AppData\Roaming\Snapfish2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest2013-12-01 12:13 - 2008-02-27 13:58 - 00001034 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk2013-12-01 12:13 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2013-12-01 12:13 - 2008-01-20 18:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2013-11-29 18:53 - 2013-11-29 18:53 - 17245644 _____ C:\Users\zeeland\Downloads\fiction.xps2013-11-29 18:21 - 2013-11-29 18:21 - 00860176 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mssstool32.exe2013-11-29 18:17 - 2013-11-29 18:17 - 00511248 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\nis_full.exe2013-11-29 15:00 - 2013-12-04 18:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-11-29 14:58 - 2013-12-25 15:27 - 00000000 ____D C:\Windows\system32\MRT2013-11-29 14:57 - 2011-03-03 07:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll2013-11-29 14:57 - 2011-03-03 05:35 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll2013-11-29 14:57 - 2010-08-26 08:34 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145639.log2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145621.log2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145618.log2013-11-29 14:46 - 2013-11-29 14:46 - 00000680 _____ C:\Users\zeeland\AppData\Local\d3d9caps.dat2013-11-29 13:42 - 2013-11-29 13:42 - 01441838 _____ C:\Users\zeeland\Downloads\Daily Deal Millionaires.zip ==================== 
One Month Modified Files and Folders ======= 2013-12-29 18:37 - 2013-12-11 12:06 - 00011179 _____ C:\Users\zeeland\Desktop\FRST.txt2013-12-29 18:34 - 2013-11-25 21:21 - 01989560 _____ C:\Windows\WindowsUpdate.log2013-12-29 18:28 - 2013-12-29 18:28 - 01064199 _____ (Farbar) C:\Users\zeeland\Desktop\FRST.exe2013-12-29 18:28 - 2006-11-02 02:33 - 00690960 _____ C:\Windows\system32\PerfStringBackup.INI2013-12-29 18:27 - 2013-12-29 18:26 - 00112023 _____ C:\Users\zeeland\Downloads\FRST.txt2013-12-29 18:24 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-12-29 18:23 - 2013-11-26 10:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-12-29 18:22 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-12-29 18:22 - 2006-11-02 04:47 - 00286144 _____ C:\Windows\system32\FNTCACHE.DAT2013-12-29 18:22 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-12-29 18:22 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-12-29 18:20 - 2008-02-27 13:41 - 00000000 ____D C:\Windows\system32\RTCOM2013-12-29 18:20 - 2006-11-02 05:01 - 00025574 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-12-29 18:20 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\system32\XPSViewer2013-12-29 18:20 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal2013-12-29 18:20 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System2013-12-29 18:17 - 2013-11-26 10:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-12-29 18:06 - 2013-12-29 18:05 - 00002286 _____ C:\Windows\IE9_main.log2013-12-29 18:02 - 2013-11-27 12:27 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\HpUpdate2013-12-28 19:29 - 2013-12-28 19:28 - 79388215 _____ C:\Users\zeeland\Downloads\create-book.zip2013-12-28 19:28 - 2013-12-28 19:28 - 11326541 _____ 
C:\Users\zeeland\Downloads\install-mac.zip
2013-12-28 19:28 - 2013-12-28 19:28 - 02431989 _____ C:\Users\zeeland\Desktop\add-account.zip
2013-12-28 19:20 - 2013-12-28 19:20 - 00436558 _____ C:\Users\zeeland\Downloads\TheKindleProfitSystem.zip
2013-12-28 19:04 - 2013-12-23 10:08 - 00000000 ____D C:\Windows\Minidump
2013-12-28 17:17 - 2013-12-28 17:17 - 00000000 ____D C:\Users\zeeland\Documents\Ashampoo Burning Studio FREE
2013-12-28 16:56 - 2013-12-28 16:56 - 00000844 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\Users\zeeland\Ashampoo Burning Studio FREE
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Ashampoo
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\Users\zeeland\AppData\Local\ashampoo
2013-12-28 16:56 - 2013-12-28 16:56 - 00000000 ____D C:\ProgramData\Ashampoo
2013-12-28 16:56 - 2013-11-26 13:11 - 00000000 ____D C:\Users\zeeland
2013-12-28 16:52 - 2013-12-28 16:52 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\PowerISO
2013-12-28 16:50 - 2013-12-28 16:50 - 30465288 _____ (Ashampoo GmbH & Co. KG ) C:\Users\zeeland\Downloads\ashampoo_burning_studio_free_1.12.0_sm.exe
2013-12-28 16:48 - 2013-12-28 16:48 - 00031576 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-12-28 16:48 - 2013-12-28 16:48 - 00000806 _____ C:\Users\Public\Desktop\PowerISO.lnk
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Users\zeeland\AppData\Local\AVG SafeGuard toolbar
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Program Files\PowerISO
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-12-28 16:48 - 2013-12-28 16:48 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-12-28 16:30 - 2013-12-28 16:30 - 00008224 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-12-28 16:30 - 2013-11-25 21:29 - 00008224 _____ C:\Users\Donna Tanaka\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-28 16:30 - 2013-11-25 21:29 - 00000951 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-28 16:30 - 2013-11-25 21:29 - 00000917 _____ C:\Users\Donna Tanaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-12-28 16:30 - 2008-02-27 13:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-28 15:42 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-12-28 15:01 - 2013-12-28 14:59 - 00000000 ___SD C:\ComboFix
2013-12-28 14:58 - 2013-12-28 14:58 - 00082513 _____ C:\Users\zeeland\Desktop\12 .28 tdds.txt
2013-12-28 14:54 - 2013-12-25 16:16 - 00002198 _____ C:\Users\zeeland\Desktop\Rkill.txt
2013-12-28 14:52 - 2013-11-26 13:11 - 00000951 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-28 14:52 - 2013-11-26 13:11 - 00000917 _____ C:\Users\zeeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-12-28 14:47 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-12-28 14:47 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-12-28 14:47 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-28 14:47 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-12-28 14:47 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2013-12-28 14:47 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-12-28 14:46 - 2013-12-28 14:46 - 00000000 ____D C:\Windows\system32\vi-VN
2013-12-28 14:46 - 2013-12-28 14:46 - 00000000 ____D C:\Windows\system32\eu-ES
2013-12-28 14:46 - 2013-12-28 14:46 - 00000000 ____D C:\Windows\system32\ca-ES
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\zh-TW
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\zh-CN
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\uk-UA
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\th-TH
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\sv-SE
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\SLUI
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\sl-SI
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\sk-SK
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\ru-RU
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\ro-RO
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\pt-PT
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\pt-BR
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\pl-PL
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\nl-NL
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\nb-NO
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\lv-LV
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\lt-LT
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\ko-KR
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\ja-JP
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\hu-HU
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\hr-HR
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\he-IL
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\fi-FI
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\et-EE
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\el-GR
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\bg-BG
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\ar-SA
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-12-28 14:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2013-12-28 14:21 - 2013-12-28 14:21 - 00000000 ____D C:\Windows\system32\EventProviders
2013-12-25 19:27 - 2013-12-25 19:27 - 00071451 _____ C:\Users\zeeland\Desktop\FRST 25.txt
2013-12-25 19:18 - 2013-12-25 19:18 - 00860176 _____ (Microsoft Corporation) C:\Users\zeeland\Desktop\mssstool32 (1).exe
2013-12-25 19:14 - 2013-11-26 13:53 - 00002198 _____ C:\Windows\epplauncher.mif
2013-12-25 19:13 - 2013-12-25 19:13 - 11125072 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mseinstall (1).exe
2013-12-25 19:13 - 2013-12-25 19:12 - 92215576 _____ (Microsoft Corporation) C:\Users\zeeland\Desktop\msert.exe
2013-12-25 17:08 - 2013-12-25 17:08 - 05158070 ____R (Swearware) C:\Users\zeeland\Downloads\ComboFix.exe
2013-12-25 17:08 - 2013-12-25 17:08 - 00000855 _____ C:\Users\zeeland\Desktop\ComboFix - Shortcut.lnk
2013-12-25 16:10 - 2013-12-25 16:10 - 00000855 _____ C:\Users\zeeland\Desktop\iExplore - Shortcut.lnk
2013-12-25 16:05 - 2008-02-27 14:13 - 00000000 ____D C:\Windows\SMINST
2013-12-25 16:00 - 2013-12-25 16:00 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\zeeland\Downloads\iExplore.exe
2013-12-25 16:00 - 2013-12-25 16:00 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\zeeland\Desktop\rkill.exe
2013-12-25 15:27 - 2013-11-29 14:58 - 00000000 ____D C:\Windows\system32\MRT
2013-12-25 15:27 - 2006-11-02 02:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-23 10:18 - 2013-12-04 19:06 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-23 10:18 - 2013-12-04 19:06 - 00000000 ____D C:\Users\zeeland\Desktop\mbar
2013-12-23 10:18 - 2013-11-28 10:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-23 10:15 - 2013-12-23 10:15 - 04101441 _____ C:\Users\zeeland\Downloads\tdsskiller.zip
2013-12-23 10:15 - 2013-12-23 09:40 - 00000000 ____D C:\Users\zeeland\Desktop\hp
2013-12-23 09:39 - 2013-12-23 09:38 - 00000000 ____D C:\Qoobox
2013-12-23 09:37 - 2013-12-23 09:37 - 00000000 ____D C:\Windows\erdnt
2013-12-23 09:28 - 2013-12-04 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-22 11:15 - 2013-12-22 11:15 - 49940480 _____ C:\Program Files\GUT6049.tmp
2013-12-22 11:15 - 2013-12-22 11:15 - 00000000 ____D C:\Program Files\GUM6019.tmp
2013-12-22 11:14 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker
2013-12-19 13:29 - 2013-12-23 09:40 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\zeeland\Desktop\tdsskiller.exe
2013-12-16 18:23 - 2013-12-16 18:23 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\zeeland\Downloads\tdsskiller (1).exe
2013-12-11 12:07 - 2013-12-11 12:06 - 00017087 _____ C:\Users\zeeland\Desktop\Addition.txt
2013-12-11 12:06 - 2013-12-11 12:06 - 00000000 ____D C:\FRST
2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Downloads\mbar-1.07.0.1007 (1).exe
2013-12-04 19:05 - 2013-12-04 19:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\zeeland\Desktop\16m7bar.exe
2013-12-04 19:03 - 2013-12-04 19:03 - 00000000 ____D C:\Users\zeeland\Desktop\help
2013-12-04 18:16 - 2013-12-04 18:16 - 00000908 _____ C:\Users\Public\Desktop\may.lnk
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Users\zeeland\AppData\Roaming\Malwarebytes
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-04 18:16 - 2013-12-04 18:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-04 18:15 - 2013-12-04 18:15 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\zeeland\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-04 18:08 - 2013-12-04 18:08 - 00001917 _____ C:\Users\zeeland\Desktop\aswMBR.txt
2013-12-04 18:08 - 2013-11-28 17:02 - 00000512 _____ C:\Users\zeeland\Desktop\MBR.dat
2013-12-04 18:04 - 2013-12-04 18:04 - 00000104 _____ C:\Users\zeeland\Documents\Recycle Bin - Shortcut.lnk
2013-12-04 18:03 - 2013-11-29 15:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-01 15:29 - 2013-12-01 15:29 - 00002384 _____ C:\Users\zeeland\Desktop\attach.txt
2013-12-01 15:28 - 2013-12-01 15:29 - 00010298 _____ C:\Users\zeeland\Desktop\dds.txt
2013-12-01 15:28 - 2013-12-01 15:28 - 00081276 _____ C:\Users\zeeland\Downloads\2.xps
2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 ____R (Swearware) C:\Users\zeeland\Desktop\dds.com
2013-12-01 12:53 - 2013-12-01 12:53 - 00688992 _____ (Swearware) C:\Users\zeeland\Downloads\dds.scr
2013-12-01 12:32 - 2013-12-01 12:32 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131201_123229.log
2013-12-01 12:13 - 2013-12-01 12:13 - 00072192 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-01 12:13 - 2013-12-01 12:13 - 00000951 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-01 12:13 - 2013-12-01 12:13 - 00000946 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-12-01 12:13 - 2013-12-01 12:13 - 00000917 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2013-12-01 12:13 - 2013-12-01 12:13 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Snapfish
2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-12-01 12:13 - 2013-12-01 12:13 - 00000000 ____D C:\Users\Guest
2013-11-29 18:53 - 2013-11-29 18:53 - 17245644 _____ C:\Users\zeeland\Downloads\fiction.xps
2013-11-29 18:21 - 2013-11-29 18:21 - 00860176 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\mssstool32.exe
2013-11-29 18:17 - 2013-11-29 18:17 - 00511248 _____ (Microsoft Corporation) C:\Users\zeeland\Downloads\nis_full.exe
2013-11-29 18:06 - 2013-11-26 13:24 - 00000000 ___HD C:\TOOLWIZ
2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145639.log
2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145621.log
2013-11-29 14:56 - 2013-11-29 14:56 - 00000310 _____ C:\Users\zeeland\Downloads\RootkitRemover_20131129_145618.log
2013-11-29 14:46 - 2013-11-29 14:46 - 00000680 _____ C:\Users\zeeland\AppData\Local\d3d9caps.dat
2013-11-29 13:42 - 2013-11-29 13:42 - 01441838 _____ C:\Users\zeeland\Downloads\Daily Deal Millionaires.zip

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-29 18:27

==================== End Of Log ============================
Maniac Posted December 30, 2013 ID:770642

Please post the content of Additional.txt.
stuff2 Posted December 31, 2013 Author ID:770824

Sorry about the double post; I could not find how to delete it.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-12-2013 01
Ran by zeeland at 2013-12-30 15:54:19
Running from C:\Users\zeeland\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player ActiveX (Version: 9.0.45.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (Version: 8.1.0 - Adobe Systems Incorporated)
Ashampoo Burning Studio FREE v.1.12.0 (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
AVG SafeGuard toolbar (Version: 14.0.0.12 - AVG Technologies)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (Version: 5.5.1126 - CyberLink Corp.)
Enhanced Multimedia Keyboard Solution (Version: - Hewlett-Packard)
Google Chrome (Version: 31.0.1650.57 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.)
Hardware Diagnostic Tools (Version: 5.1.4708.19 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP)
HP Customer Experience Enhancements (Version: 5.6.0.2499 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard)
HP Demo (Version: 4.1.0 - Hewlett-Packard)
HP Easy Setup - Frontend (Version: 5.6.0.2542 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (Version: - Hewlett-Packard)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard)
HP Photosmart Essential 2.5 (Version: 2.5 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP)
HP Total Care Advisor (Version: 1.6.12.2542 - Hewlett-Packard)
HP Update (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard)
Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10 - Sun Microsystems, Inc.)
LabelPrint (Version: 2.2.2329 - CyberLink Corp.)
LightScribe System Software 1.10.23.1 (Version: 1.10.23.1 - http://www.lightscribe.com)
LightScribeTemplateLabeler (Version: 1.10.23.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (Version: 6.10.050 - muvee Technologies)
My HP Games (Version: HPCMPQ1902 - WildTangent)
NVIDIA Drivers (Version: - )
Power2Go (Version: 5.6.3610 - CyberLink Corp.)
PowerDirector (Version: 6.5.2420 - CyberLink Corp.)
PowerISO (Version: 5.8 - Power Software Ltd)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard)
Python 2.5 (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (Version: - )
Snapfish Picture Mover (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (Version: 7.74.00 - Conexant Systems)
Toolwiz Care (Version: 3.1.0.5100 - ToolWiz Care)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies)
Yahoo! Toolbar (Version: - )

==================== Restore Points =========================

26-11-2013 05:25:15 Scripted restore
26-11-2013 18:04:20 Windows Update
26-11-2013 21:24:42 Toolwiz Care(3.1.0.5100)
26-11-2013 21:46:25 Windows Update
26-11-2013 21:51:10 Windows Update
26-11-2013 22:00:06 Windows Update
27-11-2013 15:30:51 Windows Update
28-11-2013 17:32:32 Windows Update
28-11-2013 17:41:50 Windows Update
29-11-2013 21:44:14 Windows Update
29-11-2013 22:57:36 Windows Update
29-11-2013 23:18:11 Windows Update
30-11-2013 02:15:41 Windows Update
30-11-2013 02:18:22 Windows Update
05-12-2013 01:52:34 Windows Update
05-12-2013 03:15:28 Windows Update
22-12-2013 17:33:43 Scheduled Checkpoint
22-12-2013 17:53:18 Malwarebytes Anti-Rootkit Restore Point
25-12-2013 23:26:40 Windows Update
26-12-2013 00:08:01 Windows Update
26-12-2013 00:30:22 Windows Update
26-12-2013 03:06:34 Windows Update
26-12-2013 04:38:36 Microsoft Antimalware Checkpoint
28-12-2013 22:16:28 Microsoft Antimalware Checkpoint
28-12-2013 22:21:18 Windows Update
29-12-2013 00:45:28 Windows Update
30-12-2013 01:57:21 Microsoft Antimalware Checkpoint
30-12-2013 02:00:44 Windows Update
30-12-2013 02:32:49 Windows Update
30-12-2013 23:50:42 Windows Update

==================== Hosts content: ==========================

2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14BE614B-BFEE-4332-84E9-5577E2FF7E50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {1C4F2298-1498-4526-8383-4F6CB5437ED0} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29FBD9BE-9C1F-4EB9-8151-B9F090620079} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3FE2FF18-EFF6-4249-8E42-C61ABC6F52BB} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\WINDOWS\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {5B1F54CC-7F50-4B7D-9C33-86B5E427E135} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-02-27] ()
Task: {73F25119-D79E-4FEA-9265-72C3292D2848} - System32\Tasks\IntenetServiceOffers => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {C2518D44-021D-40B8-B161-22170A16F23A} - System32\Tasks\ToolwizCareFree => C:\Program Files\ToolwizCareFree\ToolwizCares.exe [2013-11-26] (Toolwiz)
Task: {C2E45A30-41F1-45B2-9C0B-CB35B473A2A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {D58921BA-0D80-4346-99BA-796CEA5807DD} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-26 10:02 - 2013-11-14 03:29 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-26 10:02 - 2013-11-14 03:29 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-26 10:02 - 2013-11-14 03:28 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\11654386.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19343800.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22475791.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26363123.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65533879.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77338195.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\11654386.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19343800.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22475791.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26363123.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65533879.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77338195.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2013 03:48:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 06:22:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 05:57:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 05:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f79e8b95-1a32-4916-97e3-3fddcb104531}

Error: (12/28/2013 06:58:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 04:31:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 04:30:26 PM) (Source: ESENT) (User: )
Description: WinMail (2676) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (12/28/2013 03:28:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 02:52:08 PM) (Source: ESENT) (User: )
Description: WinMail (2832) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (12/28/2013 02:50:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/30/2013 03:54:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Windows Internet Explorer 9 for Windows Vista{CE545479-357C-49F8-8DB9-D1434AC00075}101

Error: (12/30/2013 03:48:45 PM) (Source: Service Control Manager) (User: )
Description: 22475791

Error: (12/30/2013 03:48:45 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/30/2013 03:48:09 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.K60 has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following:%Trojan:DOS/Alureon.K603 Name: Trojan:DOS/Alureon.K ID: 2147660148 Severity: %Trojan:DOS/Alureon.K600 Category: %Trojan:DOS/Alureon.K602 Path: 4.4.0304.02 Detection Origin: 4.4.0304.04 Detection Type: 4.4.0304.08 Detection Source: %Trojan:DOS/Alureon.K608 User: {43F5D604-D786-4B5B-A146-312CB8191FE4}9 Process Name: %Trojan:DOS/Alureon.K609 Action: {43F5D604-D786-4B5B-A146-312CB8191FE4}1 Action Status: {43F5D604-D786-4B5B-A146-312CB8191FE4}8 Error Code: {43F5D604-D786-4B5B-A146-312CB8191FE4}3 Error description: {43F5D604-D786-4B5B-A146-312CB8191FE4}4 Signature Version: 2013-12-30T23:47:31.298Z1 Engine Version: 2013-12-30T23:47:31.298Z2

Error: (12/29/2013 06:34:01 PM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state

Error: (12/29/2013 06:34:01 PM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

Error: (12/29/2013 06:34:01 PM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state

Error: (12/29/2013 06:34:01 PM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state

Error: (12/29/2013 06:34:01 PM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state

Error: (12/29/2013 06:34:01 PM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state

Microsoft Office Sessions:
=========================
Error: (12/30/2013 03:48:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 06:22:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 05:57:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 05:57:20 PM) (Source: VSS)(User: )
Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f79e8b95-1a32-4916-97e3-3fddcb104531}

Error: (12/28/2013 06:58:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 04:31:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 04:30:26 PM) (Source: ESENT)(User: )
Description: WinMail2676WindowsMail0:

Error: (12/28/2013 03:28:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 02:52:08 PM) (Source: ESENT)(User: )
Description: WinMail2832WindowsMail0:

Error: (12/28/2013 02:50:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-12-30 15:54:09.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-30 15:54:09.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-30 15:54:09.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-30 15:54:09.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-30 15:54:09.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-30 15:54:08.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-30 15:54:08.870
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-30 15:54:08.730
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 18:38:33.867
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-29 18:38:33.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3453.64 MB
Available physical RAM: 1954.07 MB
Total Pagefile: 7097.7 MB
Available Pagefile: 5667.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:456.43 GB) (Free:382.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.33 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (WTLIB10E) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2544 KB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 2
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================