Infected by S.M.A.R.T. now sporadic background audio advertisements


Post by bh071texas on Fri Jun 15, 2012 2:35 pm

Computer was totally non-functional after getting home from a meeting yesterday afternoon. Black screen with only a couple of items (Outlook backup) still showing. No programs visible and many warnings and pop-ups from S.M.A.R.T. After doing some research and realizing the problem, I did a restore on my computer to an earlier time and then ran a full Malwarebytes scan which found like 17 infected files. I eliminated those. Now I am hearing random and sporadic audio advertisements when there is not a screen or browser open. I've tried restarting, thinking there might be something open in the background that I can't detect, and it continues. Also, the computer is running slower than prior to the S.M.A.R.T. infection. All this tells me there are still some nasty things causing problems in my computer. I've taken it as far as I can and now need some assistance.


Post by Dr Jay on Fri Jun 15, 2012 2:52 pm

We'll start out with aswMBR:

Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review



AND ComboFix


Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Post by bh071texas on Fri Jun 15, 2012 3:39 pm

I don't know if these need to be done sequentially or not but I CAN NOT get aswMBR to run. I downloaded to my desktop and tried to run but nothing happened. I even tried to run as Administrator and still nothing.


Post by bh071texas on Fri Jun 15, 2012 5:30 pm

ComboFix 12-06-15.02 - Bryan Holland 06/15/2012 11:22:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2167 [GMT -5:00]
Running from: c:\users\Bryan Holland\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\programdata\Tu3DTgUonp8t2a
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L\00000004.@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L\1afb2d56
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L\80000032.@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\n
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000004.@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000008.@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\000000cb.@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000000.@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000032.@
c:\users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000064.@
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\isRS-000.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 16:58 . 2012-06-15 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 04:11 . 2012-06-11 03:40 114 ----a-w- c:\program files\Common Files\cc.bat
2012-06-15 04:11 . 2012-06-11 03:29 680 ----a-w- c:\program files\Common Files\11.reg
2012-06-12 19:00 . 2012-06-15 03:23 -------- d-----w- c:\program files\iPod
2012-06-12 19:00 . 2012-06-15 03:45 -------- d-----w- c:\program files\iTunes
2012-06-12 19:00 . 2012-06-15 03:45 -------- d-----w- c:\program files (x86)\iTunes
2012-06-06 05:29 . 2008-05-30 19:17 65032 ----a-w- c:\windows\SysWow64\XAPOFX1_0.dll
2012-06-06 02:56 . 2012-06-15 03:44 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-05-27 17:15 . 2012-05-27 17:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-27 17:15 . 2012-05-27 17:15 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-27 17:15 . 2012-05-27 17:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-27 17:15 . 2012-05-27 17:15 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 19:32 . 2012-04-22 22:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 19:32 . 2012-01-06 15:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 23:40 . 2012-05-15 23:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-15 23:40 . 2012-05-15 23:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-15 23:39 . 2012-05-15 23:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-15 23:39 . 2012-05-15 23:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-04 18:44 . 2012-05-04 18:44 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 06:05 . 2012-05-09 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 18:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 18:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 18:03 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 18:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-04 39408]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"WD Anywhere Backup"="c:\program files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-11-13 222432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-13 25824]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 19:32]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 05:10]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-04 05:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF28909.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\progra~2\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\McAfee\MSC\mcmscsvc.exe
c:\progra~2\McAfee.com\Agent\mcagent.exe
c:\program files (x86)\Common Files\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-15 12:25:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 17:24
.
Pre-Run: 206,777,044,992 bytes free
Post-Run: 207,069,962,240 bytes free
.
- - End Of File - - BB2904541EB378D7B06FC930B454CB52


Post by bh071texas on Fri Jun 15, 2012 5:39 pm

You didn't ask for it but here is my Malwarebytes log from before we started this dialogue:

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.06.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bryan Holland :: BRYANHOLLAND-PC [administrator]

6/14/2012 11:19:57 PM
mbam-log-2012-06-15 (00-52-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371492
Time elapsed: 1 hour(s), 22 minute(s),

Memory Processes Detected: 2
C:\Program Files\Common Files\iexplorer.exe (Backdoor.Bot) -> 1072 -> No action taken.
C:\Program Files\Common Files\iexplorer.exe (Backdoor.Bot) -> 4220 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{0248EAF2-030A-466e-8DFA-C3BFE662E028} (Trojan.Agent) -> No action taken.
HKCR\CLSID\{0248EAF2-030A-466e-8DFA-C3BFE662E028} (Trojan.Agent) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Program Files\Common Files\cc.js (Trojan.Agent) -> No action taken.
C:\Users\Bryan Holland\AppData\Local\liu.exe (Trojan.FakeMS) -> No action taken.
C:\Users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Users\Bryan Holland\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\00650677.exe (PUP.MyWebSearch) -> No action taken.
C:\WINDOWS\System32\mdhcp32.dll (Spyware.Agent) -> No action taken.
C:\WINDOWS\System32\sname (Spyware.Agent) -> No action taken.
C:\Program Files\Common Files\iexplorer.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SysWOW64\mdhcp32.dll (Trojan.Agent) -> No action taken.

(end)


Post by Dr Jay on Fri Jun 15, 2012 7:38 pm

Time to bring out the big guns! (Gunsmoke)

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


AFTER THAT IS COMPLETE:

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)



Post by bh071texas on Fri Jun 15, 2012 7:59 pm

14:53:38.0010 4976 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
14:53:38.0400 4976 ============================================================
14:53:38.0400 4976 Current date / time: 2012/06/15 14:53:38.0400
14:53:38.0400 4976 SystemInfo:
14:53:38.0400 4976
14:53:38.0400 4976 OS Version: 6.1.7601 ServicePack: 1.0
14:53:38.0400 4976 Product type: Workstation
14:53:38.0400 4976 ComputerName: BRYANHOLLAND-PC
14:53:38.0400 4976 UserName: Bryan Holland
14:53:38.0400 4976 Windows directory: C:\Windows
14:53:38.0400 4976 System windows directory: C:\Windows
14:53:38.0400 4976 Running under WOW64
14:53:38.0400 4976 Processor architecture: Intel x64
14:53:38.0400 4976 Number of processors: 2
14:53:38.0400 4976 Page size: 0x1000
14:53:38.0400 4976 Boot type: Normal boot
14:53:38.0400 4976 ============================================================
14:53:43.0002 4976 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:53:43.0002 4976 ============================================================
14:53:43.0002 4976 \Device\Harddisk0\DR0:
14:53:43.0002 4976 MBR partitions:
14:53:43.0002 4976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
14:53:43.0002 4976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236C9AB0
14:53:43.0002 4976 ============================================================
14:53:43.0502 4976 C: <-> \Device\Harddisk0\DR0\Partition1
14:53:43.0502 4976 ============================================================
14:53:43.0502 4976 Initialize success
14:53:43.0502 4976 ============================================================
14:53:58.0622 1836 ============================================================
14:53:58.0622 1836 Scan started
14:53:58.0622 1836 Mode: Manual;
14:53:58.0622 1836 ============================================================
14:54:16.0234 1836 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:54:16.0234 1836 discache - ok
14:54:16.0281 1836 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:54:16.0312 1836 Disk - ok
14:54:16.0375 1836 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:54:16.0406 1836 Dnscache - ok
14:54:16.0515 1836 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
14:54:16.0546 1836 DockLoginService - ok
14:54:16.0625 1836 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:54:16.0657 1836 dot3svc - ok
14:54:16.0703 1836 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:54:16.0735 1836 DPS - ok
14:54:16.0797 1836 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:54:16.0828 1836 drmkaud - ok
14:54:16.0937 1836 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:54:16.0984 1836 DXGKrnl - ok
14:54:17.0031 1836 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:54:17.0062 1836 EapHost - ok
14:54:17.0281 1836 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:54:17.0405 1836 ebdrv - ok
14:54:17.0515 1836 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:54:17.0561 1836 EFS - ok
14:54:17.0656 1836 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:54:17.0703 1836 ehRecvr - ok
14:54:17.0734 1836 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:54:17.0750 1836 ehSched - ok
14:54:17.0843 1836 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:54:17.0890 1836 elxstor - ok
14:54:17.0921 1836 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:54:17.0968 1836 ErrDev - ok
14:54:18.0030 1836 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:54:18.0046 1836 EventSystem - ok
14:54:18.0108 1836 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:54:18.0140 1836 exfat - ok
14:54:18.0171 1836 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:54:18.0202 1836 fastfat - ok
14:54:18.0296 1836 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:54:18.0327 1836 Fax - ok
14:54:18.0374 1836 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:54:18.0420 1836 fdc - ok
14:54:18.0452 1836 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:54:18.0452 1836 fdPHost - ok
14:54:18.0467 1836 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:54:18.0467 1836 FDResPub - ok
14:54:18.0498 1836 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:54:18.0530 1836 FileInfo - ok
14:54:18.0545 1836 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:54:18.0576 1836 Filetrace - ok
14:54:18.0576 1836 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:54:18.0592 1836 flpydisk - ok
14:54:18.0639 1836 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:54:18.0670 1836 FltMgr - ok
14:54:18.0779 1836 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
14:54:18.0795 1836 FontCache - ok
14:54:18.0920 1836 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:54:18.0966 1836 FontCache3.0.0.0 - ok
14:54:19.0013 1836 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:54:19.0044 1836 FsDepends - ok
14:54:19.0076 1836 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:54:19.0122 1836 Fs_Rec - ok
14:54:19.0169 1836 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:54:19.0169 1836 fvevol - ok
14:54:19.0200 1836 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:54:19.0247 1836 gagp30kx - ok
14:54:19.0247 1836 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:54:19.0278 1836 GEARAspiWDM - ok
14:54:19.0419 1836 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
14:54:19.0450 1836 GoToAssist - ok
14:54:19.0528 1836 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:54:19.0575 1836 gpsvc - ok
14:54:19.0700 1836 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:54:19.0700 1836 gupdate - ok
14:54:19.0715 1836 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:54:19.0715 1836 gupdatem - ok
14:54:19.0793 1836 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:54:19.0840 1836 gusvc - ok
14:54:19.0856 1836 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:54:19.0902 1836 hcw85cir - ok
14:54:19.0949 1836 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:54:19.0980 1836 HDAudBus - ok
14:54:19.0996 1836 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:54:20.0012 1836 HidBatt - ok
14:54:20.0027 1836 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:54:20.0043 1836 HidBth - ok
14:54:20.0058 1836 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:54:20.0074 1836 HidIr - ok
14:54:20.0105 1836 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:54:20.0136 1836 hidserv - ok
14:54:20.0183 1836 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:54:20.0214 1836 HidUsb - ok
14:54:20.0261 1836 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:54:20.0292 1836 hkmsvc - ok
14:54:20.0324 1836 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:54:20.0355 1836 HomeGroupListener - ok
14:54:20.0417 1836 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:54:20.0417 1836 HomeGroupProvider - ok
14:54:20.0448 1836 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:54:20.0480 1836 HpSAMD - ok
14:54:20.0558 1836 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:54:20.0558 1836 HTTP - ok
14:54:20.0589 1836 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:54:20.0589 1836 hwpolicy - ok
14:54:20.0651 1836 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:54:20.0682 1836 i8042prt - ok
14:54:20.0838 1836 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:54:20.0932 1836 IAANTMON - ok
14:54:21.0010 1836 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
14:54:21.0010 1836 iaStor - ok
14:54:21.0057 1836 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:54:21.0104 1836 iaStorV - ok
14:54:21.0291 1836 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:54:21.0338 1836 idsvc - ok
14:54:21.0743 1836 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:54:21.0962 1836 igfx - ok
14:54:22.0086 1836 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:54:22.0118 1836 iirsp - ok
14:54:22.0196 1836 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:54:22.0242 1836 IKEEXT - ok
14:54:22.0289 1836 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:54:22.0320 1836 intelide - ok
14:54:22.0383 1836 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:54:22.0383 1836 intelppm - ok
14:54:22.0414 1836 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:54:22.0445 1836 IPBusEnum - ok
14:54:22.0508 1836 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:54:22.0539 1836 IpFilterDriver - ok
14:54:22.0554 1836 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:54:22.0586 1836 IPMIDRV - ok
14:54:22.0632 1836 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:54:22.0664 1836 IPNAT - ok
14:54:22.0851 1836 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
14:54:22.0898 1836 iPod Service - ok
14:54:22.0960 1836 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:54:23.0007 1836 IRENUM - ok
14:54:23.0054 1836 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:54:23.0085 1836 isapnp - ok
14:54:23.0132 1836 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:54:23.0178 1836 iScsiPrt - ok
14:54:23.0194 1836 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:54:23.0225 1836 kbdclass - ok
14:54:23.0272 1836 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:54:23.0303 1836 kbdhid - ok
14:54:23.0366 1836 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:54:23.0366 1836 KeyIso - ok
14:54:23.0381 1836 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:54:23.0428 1836 KSecDD - ok
14:54:23.0459 1836 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:54:23.0506 1836 KSecPkg - ok
14:54:23.0522 1836 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:54:23.0537 1836 ksthunk - ok
14:54:23.0600 1836 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:54:23.0631 1836 KtmRm - ok
14:54:23.0693 1836 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:54:23.0724 1836 LanmanServer - ok
14:54:23.0771 1836 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:54:23.0802 1836 LanmanWorkstation - ok
14:54:23.0865 1836 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:54:23.0896 1836 lltdio - ok
14:54:23.0958 1836 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:54:23.0990 1836 lltdsvc - ok
14:54:24.0005 1836 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:54:24.0021 1836 lmhosts - ok
14:54:24.0083 1836 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:54:24.0130 1836 LSI_FC - ok
14:54:24.0130 1836 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:54:24.0161 1836 LSI_SAS - ok
14:54:24.0177 1836 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:54:24.0192 1836 LSI_SAS2 - ok
14:54:24.0208 1836 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:54:24.0239 1836 LSI_SCSI - ok
14:54:24.0270 1836 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:54:24.0317 1836 luafv - ok
14:54:24.0567 1836 mcmscsvc (652d2afb3e0785c7158cd71496811a58) C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
14:54:24.0582 1836 mcmscsvc - ok
14:54:24.0849 1836 McNASvc (2dbd66025339c2540efecffbb5eb2380) C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
14:54:24.0911 1836 McNASvc - ok
14:54:25.0005 1836 McODS - ok
14:54:25.0145 1836 McProxy (447fa93bb3e0ad783b1ad39b60c843e8) C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
14:54:25.0192 1836 McProxy - ok
14:54:25.0285 1836 McShield (86275173c8145feb39ea1148738f236a) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
14:54:25.0332 1836 McShield - ok
14:54:25.0395 1836 McSysmon (a6dfa048299d05bddb08fc59ffe090f6) C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
14:54:25.0473 1836 McSysmon - ok
14:54:25.0566 1836 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:54:25.0582 1836 Mcx2Svc - ok
14:54:25.0629 1836 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:54:25.0660 1836 megasas - ok
14:54:25.0675 1836 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:54:25.0707 1836 MegaSR - ok
14:54:25.0785 1836 MemeoBackgroundService (d184aa8d7a1b3aa94508ba6c0bcc3bd6) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
14:54:25.0816 1836 MemeoBackgroundService - ok
14:54:25.0831 1836 mfeavfk (088620da20b98578bfc4b97043f24042) C:\Windows\system32\drivers\mfeavfk.sys
14:54:25.0863 1836 mfeavfk - ok
14:54:25.0863 1836 mfebopk (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
14:54:25.0894 1836 mfebopk - ok
14:54:25.0925 1836 mfehidk (239e677e3e9047550c18b30c26c3ba3e) C:\Windows\system32\drivers\mfehidk.sys
14:54:25.0972 1836 mfehidk - ok
14:54:25.0987 1836 mferkdk (bb6bdc9029ca71d652eadc40ff78f7cb) C:\Windows\system32\drivers\mferkdk.sys
14:54:26.0003 1836 mferkdk - ok
14:54:26.0019 1836 mfesmfk (1f56e31db436287581cbe9a5c4c70e0e) C:\Windows\system32\drivers\mfesmfk.sys
14:54:26.0034 1836 mfesmfk - ok
14:54:26.0081 1836 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:54:26.0081 1836 MMCSS - ok
14:54:26.0128 1836 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:54:26.0159 1836 Modem - ok
14:54:26.0206 1836 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:54:26.0206 1836 monitor - ok
14:54:26.0268 1836 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:54:26.0299 1836 mouclass - ok
14:54:26.0331 1836 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:54:26.0346 1836 mouhid - ok
14:54:26.0393 1836 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:54:26.0393 1836 mountmgr - ok
14:54:26.0424 1836 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
14:54:26.0471 1836 MPFP - ok
14:54:26.0596 1836 MpfService (ddf8e1ba0c7502bc02fb5f904d049e52) C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
14:54:26.0596 1836 MpfService - ok
14:54:26.0658 1836 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:54:26.0689 1836 mpio - ok
14:54:26.0721 1836 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:54:26.0752 1836 mpsdrv - ok
14:54:26.0783 1836 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:54:26.0830 1836 MRxDAV - ok
14:54:26.0877 1836 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:54:26.0923 1836 mrxsmb - ok
14:54:26.0955 1836 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:54:26.0986 1836 mrxsmb10 - ok
14:54:27.0033 1836 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:54:27.0064 1836 mrxsmb20 - ok
14:54:27.0111 1836 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:54:27.0142 1836 msahci - ok
14:54:27.0173 1836 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:54:27.0204 1836 msdsm - ok
14:54:27.0235 1836 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:54:27.0282 1836 MSDTC - ok
14:54:27.0329 1836 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:54:27.0345 1836 Msfs - ok
14:54:27.0360 1836 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:54:27.0376 1836 mshidkmdf - ok
14:54:27.0423 1836 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:54:27.0438 1836 msisadrv - ok
14:54:27.0485 1836 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:54:27.0516 1836 MSiSCSI - ok
14:54:27.0532 1836 msiserver - ok
14:54:27.0641 1836 MSK80Service (c75e30539519b83cd041f8f057269d5c) C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
14:54:27.0641 1836 MSK80Service - ok
14:54:27.0688 1836 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:54:27.0719 1836 MSKSSRV - ok
14:54:27.0735 1836 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:54:27.0750 1836 MSPCLOCK - ok
14:54:27.0766 1836 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:54:27.0781 1836 MSPQM - ok
14:54:27.0844 1836 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:54:27.0875 1836 MsRPC - ok
14:54:27.0922 1836 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:54:27.0922 1836 mssmbios - ok
14:54:28.0015 1836 MSSQL$MSSMLBIZ - ok
14:54:28.0109 1836 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:54:28.0171 1836 MSSQLServerADHelper - ok
14:54:28.0218 1836 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:54:28.0249 1836 MSTEE - ok
14:54:28.0296 1836 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:54:28.0312 1836 MTConfig - ok
14:54:28.0343 1836 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:54:28.0374 1836 Mup - ok
14:54:28.0452 1836 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:54:28.0452 1836 napagent - ok
14:54:28.0530 1836 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:54:28.0577 1836 NativeWifiP - ok
14:54:28.0655 1836 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:54:28.0655 1836 NDIS - ok
14:54:28.0702 1836 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:54:28.0717 1836 NdisCap - ok
14:54:28.0764 1836 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:54:28.0795 1836 NdisTapi - ok
14:54:28.0858 1836 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:54:28.0889 1836 Ndisuio - ok
14:54:28.0936 1836 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:54:28.0967 1836 NdisWan - ok
14:54:29.0014 1836 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:54:29.0029 1836 NDProxy - ok
14:54:29.0076 1836 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:54:29.0107 1836 NetBIOS - ok
14:54:29.0154 1836 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:54:29.0154 1836 NetBT - ok
14:54:29.0201 1836 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:54:29.0201 1836 Netlogon - ok
14:54:29.0263 1836 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:54:29.0279 1836 Netman - ok
14:54:29.0310 1836 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:54:29.0326 1836 netprofm - ok
14:54:29.0451 1836 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:54:29.0497 1836 NetTcpPortSharing - ok
14:54:29.0544 1836 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:54:29.0575 1836 nfrd960 - ok
14:54:29.0638 1836 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:54:29.0653 1836 NlaSvc - ok
14:54:29.0685 1836 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:54:29.0716 1836 Npfs - ok
14:54:29.0747 1836 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:54:29.0778 1836 nsi - ok
14:54:29.0794 1836 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:54:29.0794 1836 nsiproxy - ok
14:54:29.0919 1836 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:54:29.0965 1836 Ntfs - ok
14:54:30.0090 1836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:54:30.0121 1836 Null - ok
14:54:30.0168 1836 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:54:30.0215 1836 nvraid - ok
14:54:30.0231 1836 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:54:30.0262 1836 nvstor - ok
14:54:30.0277 1836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:54:30.0340 1836 nv_agp - ok
14:54:30.0543 1836 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:54:30.0589 1836 odserv - ok
14:54:30.0636 1836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:54:30.0652 1836 ohci1394 - ok
14:54:30.0714 1836 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:54:30.0761 1836 ose - ok
14:54:31.0167 1836 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:54:31.0338 1836 osppsvc - ok
14:54:31.0479 1836 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:54:31.0510 1836 p2pimsvc - ok
14:54:31.0541 1836 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:54:31.0572 1836 p2psvc - ok
14:54:31.0635 1836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:54:31.0666 1836 Parport - ok
14:54:31.0697 1836 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:54:31.0713 1836 partmgr - ok
14:54:31.0759 1836 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:54:31.0791 1836 PcaSvc - ok
14:54:31.0822 1836 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:54:31.0869 1836 pci - ok
14:54:31.0900 1836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:54:31.0931 1836 pciide - ok
14:54:31.0978 1836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:54:31.0993 1836 pcmcia - ok
14:54:32.0040 1836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:54:32.0071 1836 pcw - ok
14:54:32.0118 1836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:54:32.0165 1836 PEAUTH - ok
14:54:32.0259 1836 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:54:32.0305 1836 PerfHost - ok
14:54:32.0415 1836 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:54:32.0461 1836 pla - ok
14:54:32.0555 1836 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:54:32.0602 1836 PlugPlay - ok
14:54:32.0617 1836 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:54:32.0649 1836 PNRPAutoReg - ok
14:54:32.0680 1836 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:54:32.0680 1836 PNRPsvc - ok
14:54:32.0742 1836 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:54:32.0773 1836 Point64 - ok
14:54:32.0851 1836 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:54:32.0883 1836 PolicyAgent - ok
14:54:32.0914 1836 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:54:32.0929 1836 Power - ok
14:54:32.0992 1836 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:54:33.0023 1836 PptpMiniport - ok
14:54:33.0054 1836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:54:33.0085 1836 Processor - ok
14:54:33.0132 1836 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:54:33.0163 1836 ProfSvc - ok
14:54:33.0210 1836 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:54:33.0210 1836 ProtectedStorage - ok
14:54:33.0273 1836 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:54:33.0273 1836 Psched - ok
14:54:33.0319 1836 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:54:33.0351 1836 PxHlpa64 - ok
14:54:33.0475 1836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:54:33.0507 1836 ql2300 - ok
14:54:33.0663 1836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:54:33.0709 1836 ql40xx - ok
14:54:33.0741 1836 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:54:33.0772 1836 QWAVE - ok
14:54:33.0819 1836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:54:33.0850 1836 QWAVEdrv - ok
14:54:33.0865 1836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:54:33.0881 1836 RasAcd - ok
14:54:33.0943 1836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:54:33.0975 1836 RasAgileVpn - ok
14:54:34.0006 1836 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:54:34.0021 1836 RasAuto - ok
14:54:34.0068 1836 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:54:34.0115 1836 Rasl2tp - ok
14:54:34.0177 1836 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:54:34.0209 1836 RasMan - ok
14:54:34.0255 1836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:54:34.0287 1836 RasPppoe - ok
14:54:34.0333 1836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:54:34.0365 1836 RasSstp - ok
14:54:34.0411 1836 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:54:34.0458 1836 rdbss - ok
14:54:34.0489 1836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:54:34.0521 1836 rdpbus - ok
14:54:34.0567 1836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:54:34.0567 1836 RDPCDD - ok
14:54:34.0599 1836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:54:34.0599 1836 RDPENCDD - ok
14:54:34.0630 1836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:54:34.0630 1836 RDPREFMP - ok
14:54:34.0645 1836 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:54:34.0677 1836 RDPWD - ok
14:54:34.0739 1836 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:54:34.0770 1836 rdyboost - ok
14:54:34.0817 1836 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:54:34.0848 1836 RemoteAccess - ok
14:54:34.0895 1836 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:54:34.0926 1836 RemoteRegistry - ok
14:54:34.0942 1836 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:54:34.0973 1836 RpcEptMapper - ok
14:54:34.0989 1836 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:54:35.0020 1836 RpcLocator - ok
14:54:35.0082 1836 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:54:35.0098 1836 RpcSs - ok
14:54:35.0145 1836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:54:35.0176 1836 rspndr - ok
14:54:47.0406 1836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:54:47.0437 1836 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
14:54:47.0437 1836 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
14:54:47.0484 1836 Boot (0x1200) (ce1660b4a78827026eab557be1bfe095) \Device\Harddisk0\DR0\Partition0
14:54:47.0484 1836 \Device\Harddisk0\DR0\Partition0 - ok
14:54:47.0500 1836 Boot (0x1200) (6430c44780e17fd2284ea75c099edc8e) \Device\Harddisk0\DR0\Partition1
14:54:47.0500 1836 \Device\Harddisk0\DR0\Partition1 - ok
14:54:47.0500 1836 ============================================================
14:54:47.0515 1836 Scan finished
14:54:47.0515 1836 ============================================================
14:54:47.0531 2636 Detected object count: 1
14:54:47.0531 2636 Actual detected object count: 1
14:55:21.0945 2636 \Device\Harddisk0\DR0\# - copied to quarantine
14:55:21.0960 2636 \Device\Harddisk0\DR0 - copied to quarantine
14:55:22.0070 2636 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:55:22.0070 2636 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
14:55:22.0070 2636 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
14:55:22.0085 2636 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
14:55:22.0085 2636 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
14:55:22.0101 2636 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
14:55:22.0226 2636 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
14:55:22.0241 2636 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
14:55:22.0257 2636 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
14:55:22.0288 2636 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:55:22.0366 2636 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:55:22.0444 2636 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:55:22.0475 2636 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:55:22.0491 2636 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
14:55:22.0506 2636 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
14:55:22.0506 2636 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
14:55:22.0506 2636 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
14:55:22.0553 2636 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
14:55:22.0631 2636 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
14:55:22.0709 2636 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
14:55:22.0787 2636 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
14:55:22.0850 2636 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
14:55:23.0489 2636 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
14:55:23.0536 2636 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
14:55:23.0583 2636 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
14:55:23.0614 2636 \Device\Harddisk0\DR0 - ok
14:55:23.0708 2636 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure


Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by bh071texas on Fri Jun 15, 2012 8:02 pm

I did not reboot yet. Next scan data from MBRcheck below . . . .

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 190):

Processes (total 92):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM320II, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by Dr Jay on Fri Jun 15, 2012 10:32 pm

Excellent work!!

Re-run a Malwarebytes' Anti-Malware Quick Scan and post a new log, please.

In addition, please do the following:

ESET Online Scan

Run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by bh071texas on Sat Jun 16, 2012 10:38 pm

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.06.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bryan Holland :: BRYANHOLLAND-PC [administrator]

6/16/2012 3:30:33 PM
mbam-log-2012-06-16 (15-30-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211633
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\WINDOWS\System32\mdhcp32.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\sname (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\SysWOW64\mdhcp32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


SHOULD I REBOOT TO REMOVE THOSE FOUND AS SUGGESTED BY THE PROGRAM?

ESET Online scan results to follow


Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by bh071texas on Sat Jun 16, 2012 11:14 pm

Couldn't get the on-line scanner through my pop-up ActiveX security. I thought I turned it off and even added the site to my trusted list but still not able to run the diagnostic program.

Ideas?


Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by Dr Jay on Mon Jun 18, 2012 2:50 pm

We'll need to do some more searching... Let me know if you can complete this:

Download [You must be registered and logged in to see this link.] and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.


Dr. Jay (DJ)



Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by bh071texas on Mon Jun 18, 2012 10:49 pm

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 18-06-2012 18:37:43
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-09-11] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey [645328 2009-05-01] (McAfee, Inc.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [WD Anywhere Backup] C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent [222432 2009-11-12] (Memeo Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Bryan Holland\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-04] (Google Inc.)
HKU\Bryan Holland\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Bryan Holland\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Bryan Holland\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59240 2012-02-23] (Apple Inc.)
HKU\Bryan Holland\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\n. ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2009-02-20] (Microsoft Corporation)
2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-05-01] (McAfee, Inc.)
3 McODS; C:\Program Files\McAfee\VIRUSS~1\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
2 McProxy; C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe [359952 2009-04-09] (McAfee, Inc.)
2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [155456 2009-06-18] (McAfee, Inc.)
4 McSysmon; C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [606736 2009-06-16] (McAfee, Inc.)
2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [893112 2009-06-09] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files (x86)\McAfee\MSK\MskSrver.exe" [26640 2009-04-09] (McAfee, Inc.)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [44384 2010-12-10] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [153440 2010-12-10] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 McNASvc; %CommonProgramFiles(x86)%\mcafee\mna\mcnasvc.exe [x]

========================== Drivers (Whitelisted) =============

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\Drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\MPFP.sys [176144 2009-04-09] (McAfee, Inc.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [215552 2009-05-08] (Realtek Semiconductor Corp.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-18 18:37 - 2012-06-18 18:38 - 00000000 ____D C:\FRST
2012-06-18 17:27 - 2012-06-18 17:27 - 00008212 ____A C:\Windows\mfebcdata
2012-06-16 03:11 - 2012-06-16 03:11 - 464124811 ____A C:\Windows\MEMORY.DMP
2012-06-15 14:58 - 2012-06-15 14:58 - 00015889 ____A C:\Users\Bryan Holland\Desktop\MBRCheck_06.15.12_14.58.08.txt
2012-06-15 14:57 - 2012-06-15 14:58 - 00080384 ____A C:\Users\Bryan Holland\Desktop\MBRCheck.exe
2012-06-15 14:55 - 2012-06-15 14:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-15 14:53 - 2012-06-15 14:57 - 00129924 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_14.53.37_log.txt
2012-06-15 14:53 - 2012-06-15 14:53 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Bryan Holland\Desktop\tdsskiller.exe
2012-06-15 14:53 - 2012-05-14 23:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-15 14:53 - 2012-05-14 22:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-15 14:53 - 2012-05-14 22:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-15 14:53 - 2012-05-14 22:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-15 14:53 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-15 14:53 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-15 14:53 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-15 14:53 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-15 14:53 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-15 14:53 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-15 14:53 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-15 14:53 - 2012-04-20 00:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-15 14:53 - 2012-04-20 00:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-15 14:53 - 2012-04-20 00:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-15 14:53 - 2012-04-19 23:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-15 14:53 - 2012-04-19 23:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-15 14:53 - 2012-04-19 23:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-15 14:53 - 2012-04-19 23:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-15 14:53 - 2012-04-19 23:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-15 14:53 - 2012-04-19 23:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-15 14:53 - 2012-04-19 22:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-15 14:53 - 2012-04-19 22:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-15 14:53 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-15 14:53 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-15 14:52 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-15 14:52 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-15 14:52 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-15 14:52 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-15 14:52 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-15 14:52 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-15 14:51 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-15 14:51 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-15 14:50 - 2012-04-17 00:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 14:50 - 2012-04-16 23:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-15 14:27 - 2012-06-15 14:27 - 00000005 ____A C:\Users\Bryan Holland\Application Data\mbam.context.scan
2012-06-15 14:27 - 2012-06-15 14:27 - 00000005 ____A C:\Users\Bryan Holland\AppData\Roaming\mbam.context.scan
2012-06-15 12:41 - 2012-06-15 12:41 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-15 12:38 - 2012-06-15 12:38 - 04731392 ____A (AVAST Software) C:\Users\Bryan Holland\Desktop\aswMBR.exe
2012-06-15 12:27 - 2012-06-15 12:27 - 00013247 ____A C:\Users\Bryan Holland\Desktop\combofix scan log 6.15.2102.txt
2012-06-15 12:25 - 2012-06-15 12:25 - 00013247 ____A C:\ComboFix.txt
2012-06-15 12:03 - 2012-06-15 12:03 - 00000000 ____D C:\$RECYCLE.BIN
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-06-15 11:59 - 2012-06-15 12:03 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-15 11:12 - 2012-06-15 12:26 - 00000000 ____D C:\ComboFix
2012-06-15 11:05 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-15 11:05 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-15 11:05 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-15 11:05 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-15 11:05 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-15 11:05 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-15 11:05 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-15 11:05 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-15 11:03 - 2012-06-15 12:10 - 00000000 ____D C:\Windows\ERDNT
2012-06-15 11:01 - 2012-06-15 12:26 - 00000000 ____D C:\Qoobox
2012-06-15 10:42 - 2012-06-15 10:42 - 04558642 ____R (Swearware) C:\Users\Bryan Holland\Desktop\ComboFix.exe
2012-06-15 00:52 - 2012-06-15 00:52 - 00006318 ____A C:\Users\Bryan Holland\Desktop\mbam-log-2012-06-15 (00-52-00).txt
2012-06-14 23:21 - 2012-06-14 23:21 - 00012681 ____A C:\Users\Bryan Holland\Desktop\mbam - Shortcut.lnk
2012-06-14 23:11 - 2012-06-10 22:40 - 00000114 ____A C:\Program Files\Common Files\cc.bat
2012-06-14 23:11 - 2012-06-10 22:29 - 00000680 ____A C:\Program Files\Common Files\11.reg
2012-06-14 21:58 - 2012-06-14 21:58 - 00003288 ____N C:\bootsqm.dat
2012-06-12 14:01 - 2012-06-12 14:01 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-12 14:00 - 2012-06-14 22:45 - 00000000 ____D C:\Program Files\iTunes
2012-06-12 14:00 - 2012-06-14 22:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-12 14:00 - 2012-06-14 22:23 - 00000000 ____D C:\Program Files\iPod
2012-06-06 16:33 - 2012-06-14 22:26 - 00000000 ____D C:\Users\Bryan Holland\My Documents\My Games
2012-06-06 16:33 - 2012-06-14 22:26 - 00000000 ____D C:\Users\Bryan Holland\Documents\My Games
2012-06-06 00:30 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-06-06 00:30 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-06-06 00:30 - 2010-06-02 04:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-06-06 00:30 - 2010-06-02 04:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-06-06 00:30 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-06-06 00:30 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-06-06 00:30 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-06-06 00:30 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-06-06 00:30 - 2009-09-04 17:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-06-06 00:30 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2012-06-06 00:30 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-06-06 00:30 - 2009-09-04 17:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-06-06 00:30 - 2009-09-04 17:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-06-06 00:30 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-06-06 00:30 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-06-06 00:30 - 2009-03-16 14:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-06-06 00:30 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-06-06 00:30 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-06-06 00:30 - 2009-03-16 14:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-06-06 00:30 - 2009-03-16 14:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-06-06 00:30 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-06-06 00:30 - 2009-03-09 15:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-06-06 00:30 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-06-06 00:30 - 2009-03-09 15:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-06-06 00:30 - 2009-03-09 15:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2012-06-06 00:30 - 2009-03-09 15:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-06-06 00:30 - 2009-03-09 15:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-06-06 00:30 - 2008-10-27 10:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-06-06 00:30 - 2008-10-10 04:52 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-06-06 00:30 - 2008-10-10 04:52 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-06-06 00:30 - 2008-10-10 04:52 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-06-06 00:30 - 2008-10-10 04:52 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-06-06 00:30 - 2008-10-10 04:52 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-06-06 00:30 - 2008-10-10 04:52 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-06-06 00:30 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-06-06 00:30 - 2008-07-31 10:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-06-06 00:30 - 2008-07-31 10:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-06-06 00:30 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-06-06 00:30 - 2008-07-31 10:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-06-06 00:30 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-06-06 00:30 - 2008-07-10 11:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-06-06 00:30 - 2008-07-10 11:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-06-06 00:30 - 2008-07-10 11:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-06-06 00:30 - 2008-07-10 11:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-06-06 00:30 - 2008-07-10 11:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-06-06 00:30 - 2008-07-10 11:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-06-06 00:29 - 2008-05-30 14:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-06-06 00:29 - 2008-05-30 14:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-06-06 00:29 - 2008-05-30 14:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-06-06 00:29 - 2008-05-30 14:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-06-06 00:29 - 2008-05-30 14:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-06-06 00:29 - 2008-05-30 14:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-06-06 00:29 - 2008-05-30 14:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-06-06 00:29 - 2008-05-30 14:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-06-06 00:29 - 2008-05-30 14:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-06-06 00:29 - 2008-05-30 14:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-06-06 00:29 - 2008-05-30 14:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-06-06 00:29 - 2008-05-30 14:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-06-06 00:29 - 2008-05-30 14:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-06-06 00:29 - 2008-05-30 14:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-06-06 00:29 - 2008-03-05 16:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-06-06 00:29 - 2008-03-05 16:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-06-06 00:29 - 2008-03-05 16:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-06-06 00:29 - 2008-03-05 16:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-06-06 00:29 - 2008-03-05 16:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-06-06 00:29 - 2008-03-05 16:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-06-06 00:29 - 2008-03-05 15:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-06-06 00:29 - 2008-03-05 15:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-06-06 00:29 - 2008-03-05 15:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-06-06 00:29 - 2008-03-05 15:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-06-06 00:29 - 2008-02-05 23:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-06-06 00:29 - 2008-02-05 23:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-06-06 00:29 - 2007-10-22 03:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-06-06 00:29 - 2007-10-22 03:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-06-06 00:29 - 2007-10-22 03:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-06-06 00:29 - 2007-10-22 03:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-06-06 00:29 - 2007-10-12 15:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-06-06 00:29 - 2007-10-12 15:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-06-06 00:29 - 2007-10-12 15:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-06-06 00:29 - 2007-10-12 15:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-06-06 00:29 - 2007-10-02 09:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-06-06 00:29 - 2007-10-02 09:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-06-06 00:29 - 2007-07-20 00:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-06-06 00:29 - 2007-07-20 00:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-06-06 00:29 - 2007-07-19 18:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-06-06 00:29 - 2007-07-19 18:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-06-06 00:29 - 2007-07-19 18:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-06-06 00:29 - 2007-07-19 18:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-06-06 00:29 - 2007-07-19 18:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-06-06 00:29 - 2007-07-19 18:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-06-06 00:29 - 2007-06-20 20:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-06-06 00:29 - 2007-06-20 20:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-06-06 00:29 - 2007-05-16 16:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-06-06 00:29 - 2007-05-16 16:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-06-06 00:29 - 2007-05-16 16:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-06-06 00:29 - 2007-05-16 16:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-06-06 00:29 - 2007-05-16 16:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-06-06 00:29 - 2007-05-16 16:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-06-06 00:29 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-06-06 00:29 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-06-06 00:29 - 2007-04-04 18:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-06-06 00:29 - 2007-04-04 18:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-06-06 00:29 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-06-06 00:29 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-06-06 00:29 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-06-06 00:29 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-06-06 00:29 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-06-06 00:29 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-06-06 00:29 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-06-06 00:29 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-06-06 00:29 - 2007-01-24 15:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-06-06 00:29 - 2007-01-24 15:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-06-06 00:29 - 2006-12-08 12:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-06-06 00:29 - 2006-12-08 12:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-06-06 00:29 - 2006-11-29 13:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-06-06 00:29 - 2006-11-29 13:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-06-06 00:29 - 2006-09-28 16:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-06-06 00:29 - 2006-09-28 16:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-06-06 00:29 - 2006-09-28 16:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-06-06 00:29 - 2006-09-28 16:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-06-06 00:29 - 2006-07-28 09:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-06-06 00:29 - 2006-07-28 09:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-06-06 00:29 - 2006-07-28 09:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-06-06 00:29 - 2006-07-28 09:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-06-06 00:29 - 2006-05-31 07:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-06-06 00:29 - 2006-05-31 07:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-06-06 00:29 - 2006-03-31 12:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-06-06 00:29 - 2006-03-31 12:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-06-06 00:29 - 2006-03-31 12:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-06-06 00:29 - 2006-03-31 12:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-06-06 00:29 - 2006-03-31 12:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-06-06 00:29 - 2006-03-31 12:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-06-06 00:29 - 2006-02-03 08:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-06-06 00:29 - 2006-02-03 08:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-06-06 00:29 - 2006-02-03 08:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-06-06 00:29 - 2006-02-03 08:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-06-06 00:29 - 2006-02-03 08:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-06-06 00:29 - 2006-02-03 08:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-06-06 00:29 - 2005-12-05 18:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-06-06 00:29 - 2005-12-05 18:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-06-06 00:29 - 2005-07-22 19:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-06-06 00:29 - 2005-07-22 19:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-06-06 00:29 - 2005-05-26 15:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-06-06 00:29 - 2005-05-26 15:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-06-06 00:29 - 2005-03-18 17:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-06-06 00:29 - 2005-03-18 17:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-06-06 00:29 - 2005-02-05 19:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-06-06 00:29 - 2005-02-05 19:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-06-06 00:22 - 2012-06-06 00:30 - 00000000 ___HD C:\Windows\SysWOW64\directx
2012-06-05 21:55 - 2012-06-05 21:55 - 01606656 ____A C:\Users\Bryan Holland\Downloads\SteamInstall.msi
2012-06-05 21:55 - 2012-06-05 21:55 - 01606656 ____A C:\Users\Bryan Holland\Downloads\SteamInstall (1).msi
2012-06-05 17:55 - 2012-06-12 14:41 - 00000000 ___HD C:\Users\Bryan Holland\Desktop\Brockdale Estates Files
2012-06-05 13:09 - 2012-06-05 13:09 - 00085824 ___AH C:\Users\Bryan Holland\Desktop\Summary1501653189[1].pdf

============ 3 Months Modified Files and Folders =============

2012-06-18 18:38 - 2012-06-18 18:37 - 00000000 ____D C:\FRST
2012-06-18 17:32 - 2009-12-05 00:00 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-18 17:31 - 2012-01-03 18:46 - 4253405184 __ASH C:\pagefile.sys
2012-06-18 17:31 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-18 17:31 - 2009-07-13 23:51 - 00044850 ____A C:\Windows\setupact.log
2012-06-18 17:30 - 2012-01-03 18:46 - 3190050816 __ASH C:\hiberfil.sys
2012-06-18 17:27 - 2012-06-18 17:27 - 00008212 ____A C:\Windows\mfebcdata
2012-06-18 17:27 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS
2012-06-18 17:26 - 2012-01-04 00:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-18 17:26 - 2012-01-03 19:03 - 00000000 ___HD C:\Users\Default\AppData\Local\SoftThinks
2012-06-18 17:26 - 2012-01-03 19:03 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\SoftThinks
2012-06-18 17:26 - 2012-01-03 19:03 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\Application Data\SoftThinks
2012-06-18 17:26 - 2012-01-03 19:03 - 00000000 ___HD C:\Users\Bryan Holland\AppData\Local\SoftThinks
2012-06-18 17:19 - 2009-07-14 00:10 - 01325273 ____A C:\Windows\WindowsUpdate.log
2012-06-18 17:13 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-18 17:13 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-18 16:44 - 2012-04-22 17:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-18 16:35 - 2012-01-04 00:10 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-18 16:02 - 2009-12-05 01:42 - 00499972 ____A C:\Windows\PFRO.log
2012-06-18 15:32 - 2012-01-04 15:25 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\Application Data\6E264B5D-F54D-4BC9-87AF-A38D841A1D15.aplzod
2012-06-18 15:32 - 2012-01-04 15:25 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\6E264B5D-F54D-4BC9-87AF-A38D841A1D15.aplzod
2012-06-18 15:32 - 2012-01-04 15:25 - 00000000 ___HD C:\Users\Bryan Holland\AppData\Local\6E264B5D-F54D-4BC9-87AF-A38D841A1D15.aplzod
2012-06-18 15:32 - 2012-01-03 09:27 - 614581248 ____A C:\Users\Bryan Holland\Desktop\Outlook.pst
2012-06-16 18:24 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-16 03:13 - 2009-07-13 23:45 - 00426728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 03:11 - 2012-06-16 03:11 - 464124811 ____A C:\Windows\MEMORY.DMP
2012-06-16 03:00 - 2012-01-03 18:46 - 00000000 __SHD C:\System Volume Information
2012-06-15 14:58 - 2012-06-15 14:58 - 00015889 ____A C:\Users\Bryan Holland\Desktop\MBRCheck_06.15.12_14.58.08.txt
2012-06-15 14:58 - 2012-06-15 14:57 - 00080384 ____A C:\Users\Bryan Holland\Desktop\MBRCheck.exe
2012-06-15 14:57 - 2012-06-15 14:53 - 00129924 ____A C:\TDSSKiller.2.7.40.0_15.06.2012_14.53.37_log.txt
2012-06-15 14:55 - 2012-06-15 14:55 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-15 14:53 - 2012-06-15 14:53 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Bryan Holland\Desktop\tdsskiller.exe
2012-06-15 14:30 - 2012-01-03 18:52 - 00019849 ____A C:\Windows\System32\Config.MPF
2012-06-15 14:27 - 2012-06-15 14:27 - 00000005 ____A C:\Users\Bryan Holland\Application Data\mbam.context.scan
2012-06-15 14:27 - 2012-06-15 14:27 - 00000005 ____A C:\Users\Bryan Holland\AppData\Roaming\mbam.context.scan
2012-06-15 12:41 - 2012-06-15 12:41 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-15 12:38 - 2012-06-15 12:38 - 04731392 ____A (AVAST Software) C:\Users\Bryan Holland\Desktop\aswMBR.exe
2012-06-15 12:27 - 2012-06-15 12:27 - 00013247 ____A C:\Users\Bryan Holland\Desktop\combofix scan log 6.15.2102.txt
2012-06-15 12:26 - 2012-06-15 11:12 - 00000000 ____D C:\ComboFix
2012-06-15 12:26 - 2012-06-15 11:01 - 00000000 ____D C:\Qoobox
2012-06-15 12:25 - 2012-06-15 12:25 - 00013247 ____A C:\ComboFix.txt
2012-06-15 12:10 - 2012-06-15 11:03 - 00000000 ____D C:\Windows\ERDNT
2012-06-15 12:04 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-06-15 12:03 - 2012-06-15 12:03 - 00000000 ____D C:\$RECYCLE.BIN
2012-06-15 12:03 - 2012-06-15 11:59 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-15 12:01 - 2009-07-13 21:34 - 73400320 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-06-15 12:01 - 2009-07-13 21:34 - 13631488 ____A C:\Windows\System32\config\SYSTEM.bak
2012-06-15 12:01 - 2009-07-13 21:34 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-06-15 12:01 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-15 12:01 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-06-15 12:00 - 2012-06-15 12:00 - 00000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-06-15 11:57 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2012-06-15 11:54 - 2009-07-13 22:20 - 00000000 ____D C:\ProgramData
2012-06-15 10:42 - 2012-06-15 10:42 - 04558642 ____R (Swearware) C:\Users\Bryan Holland\Desktop\ComboFix.exe
2012-06-15 03:10 - 2009-07-14 00:13 - 00810502 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-15 03:05 - 2012-01-11 10:55 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-15 00:52 - 2012-06-15 00:52 - 00006318 ____A C:\Users\Bryan Holland\Desktop\mbam-log-2012-06-15 (00-52-00).txt
2012-06-15 00:38 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\System32\config\TxR
2012-06-14 23:22 - 2012-01-05 13:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 23:21 - 2012-06-14 23:21 - 00012681 ____A C:\Users\Bryan Holland\Desktop\mbam - Shortcut.lnk
2012-06-14 22:49 - 2012-01-03 18:52 - 00000000 ____D C:\users\Bryan Holland
2012-06-14 22:48 - 2012-01-03 23:04 - 00000000 ____D C:\Program Files\Bonjour
2012-06-14 22:48 - 2009-12-05 00:00 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Online
2012-06-14 22:47 - 2009-12-05 01:44 - 00000000 ____D C:\Windows\SysWOW64\x64
2012-06-14 22:47 - 2009-12-05 01:44 - 00000000 ____D C:\Windows\SysWOW64\Lang
2012-06-14 22:47 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2012-06-14 22:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2012-06-14 22:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2012-06-14 22:46 - 2012-01-11 10:38 - 00000000 ____D C:\Windows\System32\SPReview
2012-06-14 22:46 - 2012-01-11 10:35 - 00000000 ____D C:\Windows\System32\EventProviders
2012-06-14 22:46 - 2012-01-03 18:30 - 00000000 ____D C:\Windows\SMINST
2012-06-14 22:46 - 2009-12-05 01:44 - 00000000 ____D C:\Windows\System32\SRSLabs
2012-06-14 22:46 - 2009-07-14 02:45 - 00000000 ____D C:\Windows\ShellNew
2012-06-14 22:46 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-06-14 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2012-06-14 22:45 - 2012-06-12 14:00 - 00000000 ____D C:\Program Files\iTunes
2012-06-14 22:45 - 2012-06-12 14:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-14 22:45 - 2012-02-24 16:38 - 00000000 ___HD C:\Users\Bryan Holland\Desktop\.picasaoriginals
2012-06-14 22:45 - 2012-02-11 13:27 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\InvisibleHand
2012-06-14 22:45 - 2012-02-11 13:27 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\InvisibleHand
2012-06-14 22:45 - 2012-02-11 13:27 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\InvisibleHand
2012-06-14 22:45 - 2012-01-07 23:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-14 22:45 - 2012-01-07 23:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-14 22:45 - 2012-01-05 23:54 - 00000000 ____D C:\Users\Bryan Holland\My Documents\Baker Homework
2012-06-14 22:45 - 2012-01-05 23:54 - 00000000 ____D C:\Users\Bryan Holland\Documents\Baker Homework
2012-06-14 22:45 - 2012-01-04 19:43 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-06-14 22:45 - 2012-01-04 00:00 - 00000000 ____D C:\Program Files\Google
2012-06-14 22:45 - 2012-01-03 23:49 - 00000000 ____D C:\Program Files (x86)\Picasa2
2012-06-14 22:45 - 2012-01-03 23:49 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-14 22:45 - 2012-01-03 23:48 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\{65C4FCC8-92F7-437F-9C64-65FEA59C946B}
2012-06-14 22:45 - 2012-01-03 23:48 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\{4F717BFB-FF31-477F-85D1-7BABC44363EC}
2012-06-14 22:45 - 2012-01-03 23:48 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\{65C4FCC8-92F7-437F-9C64-65FEA59C946B}
2012-06-14 22:45 - 2012-01-03 23:48 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\{4F717BFB-FF31-477F-85D1-7BABC44363EC}
2012-06-14 22:45 - 2012-01-03 23:48 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\{65C4FCC8-92F7-437F-9C64-65FEA59C946B}
2012-06-14 22:45 - 2012-01-03 23:48 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\{4F717BFB-FF31-477F-85D1-7BABC44363EC}
2012-06-14 22:45 - 2012-01-03 23:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-14 22:45 - 2012-01-03 20:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Small Business
2012-06-14 22:45 - 2012-01-03 20:41 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2012-06-14 22:45 - 2012-01-03 20:41 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-06-14 22:45 - 2012-01-03 20:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-06-14 22:45 - 2012-01-03 20:38 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Microsoft Help
2012-06-14 22:45 - 2012-01-03 20:38 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\Microsoft Help
2012-06-14 22:45 - 2012-01-03 20:38 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\Microsoft Help
2012-06-14 22:45 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Stardock_Corporation
2012-06-14 22:45 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\Stardock_Corporation
2012-06-14 22:45 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\Application Data\Roxio
2012-06-14 22:45 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\AppData\Roaming\Roxio
2012-06-14 22:45 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\Stardock_Corporation
2012-06-14 22:45 - 2009-12-05 01:44 - 00000000 ____D C:\Program Files\IDT
2012-06-14 22:45 - 2009-12-05 01:33 - 00000000 ____D C:\Program Files\DellTPad
2012-06-14 22:45 - 2009-12-05 00:14 - 00000000 ____D C:\Program Files\McAfee
2012-06-14 22:45 - 2009-12-05 00:14 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-06-14 22:45 - 2009-12-05 00:14 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-06-14 22:45 - 2009-12-05 00:06 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-06-14 22:45 - 2009-12-05 00:06 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-06-14 22:45 - 2009-12-05 00:00 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-06-14 22:45 - 2009-12-05 00:00 - 00000000 ____D C:\Program Files (x86)\Dell
2012-06-14 22:45 - 2009-12-04 23:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-06-14 22:45 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-06-14 22:45 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2012-06-14 22:45 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-06-14 22:45 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files
2012-06-14 22:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-14 22:45 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-14 22:44 - 2012-02-27 13:59 - 00000000 ____D C:\gmaps
2012-06-14 22:44 - 2012-02-11 12:49 - 00000000 ____D C:\Program Files (x86)\Acoolsoft
2012-06-14 22:44 - 2012-01-03 23:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-14 22:44 - 2012-01-03 23:04 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-14 22:44 - 2009-12-05 01:27 - 00000000 ____D C:\Drivers
2012-06-14 22:44 - 2009-12-05 01:18 - 00000000 ____D C:\dell
2012-06-14 22:44 - 2009-12-05 00:09 - 00000000 ____D C:\Program Files (x86)\Creative
2012-06-14 22:44 - 2009-12-05 00:08 - 00000000 ____D C:\Program Files (x86)\Creative Live! Cam
2012-06-14 22:44 - 2009-12-05 00:05 - 00000000 ____D C:\Program Files (x86)\CyberLink
2012-06-14 22:44 - 2009-12-04 23:58 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-06-14 22:43 - 2009-07-14 02:44 - 00000000 __RHD C:\Users\Public\Recorded TV
2012-06-14 22:41 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2012-06-14 22:41 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2012-06-14 22:41 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2012-06-14 22:41 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-06-14 22:41 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-06-14 22:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2012-06-14 22:40 - 2009-12-04 23:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-14 22:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2012-06-14 22:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2012-06-14 22:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-06-14 22:38 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\winrm
2012-06-14 22:38 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\WCN
2012-06-14 22:38 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2012-06-14 22:38 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2012-06-14 22:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2012-06-14 22:37 - 2012-01-06 10:05 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-14 22:37 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\slmgr
2012-06-14 22:37 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NetworkList
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2012-06-14 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2012-06-14 22:36 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2012-06-14 22:36 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ServiceProfiles
2012-06-14 22:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2012-06-14 22:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2012-06-14 22:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2012-06-14 22:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-14 22:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2012-06-14 22:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2012-06-14 22:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2012-06-14 22:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2012-06-14 22:27 - 2012-02-16 11:55 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-14 22:27 - 2009-07-13 22:20 - 00000000 __RHD C:\users\Default
2012-06-14 22:27 - 2009-07-13 22:20 - 00000000 ___RD C:\Users
2012-06-14 22:26 - 2012-06-06 16:33 - 00000000 ____D C:\Users\Bryan Holland\My Documents\My Games
2012-06-14 22:26 - 2012-06-06 16:33 - 00000000 ____D C:\Users\Bryan Holland\Documents\My Games
2012-06-14 22:26 - 2012-01-04 00:08 - 00000000 ____D C:\Users\Bryan Holland\Application Data\WD
2012-06-14 22:26 - 2012-01-04 00:08 - 00000000 ____D C:\Users\Bryan Holland\AppData\Roaming\WD
2012-06-14 22:25 - 2012-01-05 13:20 - 00000000 ____D C:\Users\Bryan Holland\Application Data\Malwarebytes
2012-06-14 22:25 - 2012-01-05 13:20 - 00000000 ____D C:\Users\Bryan


Re: Infected by S.M.A.R.T. now sporadic background audio advertisements

Post by bh071texas on Mon Jun 18, 2012 10:49 pm

PART 2

Holland\AppData\Roaming\Malwarebytes
2012-06-14 22:25 - 2012-01-03 19:19 - 00000000 ____D C:\Users\Bryan Holland\Application Data\Adobe
2012-06-14 22:25 - 2012-01-03 19:19 - 00000000 ____D C:\Users\Bryan Holland\AppData\Roaming\Adobe
2012-06-14 22:25 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\SupportSoft
2012-06-14 22:25 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\SupportSoft
2012-06-14 22:25 - 2012-01-03 19:02 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\SupportSoft
2012-06-14 22:24 - 2012-04-16 16:33 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Microsoft Games
2012-06-14 22:24 - 2012-04-16 16:33 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\Microsoft Games
2012-06-14 22:24 - 2012-04-16 16:33 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\Microsoft Games
2012-06-14 22:24 - 2012-01-04 12:00 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\Adobe
2012-06-14 22:24 - 2012-01-04 12:00 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Adobe
2012-06-14 22:24 - 2012-01-04 12:00 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\Adobe
2012-06-14 22:24 - 2012-01-03 23:49 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Google
2012-06-14 22:24 - 2012-01-03 23:49 - 00000000 ____D C:\Users\Bryan Holland\Local Settings\Application Data\Google
2012-06-14 22:24 - 2012-01-03 23:49 - 00000000 ____D C:\Users\Bryan Holland\AppData\Local\Google
2012-06-14 22:24 - 2009-12-05 00:03 - 00000000 ____D C:\Program Files\Microsoft Office
2012-06-14 22:24 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-14 22:24 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-06-14 22:24 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-06-14 22:24 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-06-14 22:24 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2012-06-14 22:24 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2012-06-14 22:23 - 2012-06-12 14:00 - 00000000 ____D C:\Program Files\iPod
2012-06-14 22:23 - 2009-12-04 23:53 - 00000000 ____D C:\Program Files\Java
2012-06-14 22:23 - 2009-12-04 23:53 - 00000000 ____D C:\Program Files\Dell
2012-06-14 22:23 - 2009-12-04 23:51 - 00000000 ____D C:\Program Files\Dell Inc
2012-06-14 22:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-14 22:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-06-14 22:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-06-14 22:23 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-14 22:23 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-06-14 22:23 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2012-06-14 22:22 - 2012-01-04 00:07 - 00000000 ____D C:\Program Files (x86)\WD
2012-06-14 22:22 - 2012-01-03 23:48 - 00000000 ____D C:\Program Files (x86)\Western Digital
2012-06-14 22:22 - 2012-01-03 23:47 - 00000000 ____D C:\Program Files (x86)\Western Digital Technologies
2012-06-14 22:22 - 2009-12-05 00:12 - 00000000 ____D C:\Program Files (x86)\Roxio
2012-06-14 22:22 - 2009-12-05 00:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-06-14 22:22 - 2009-12-05 00:07 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-06-14 22:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-06-14 22:22 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-06-14 22:21 - 2009-12-04 23:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-06-14 22:20 - 2009-12-05 00:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-06-14 22:19 - 2009-12-04 23:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-14 22:19 - 2009-12-04 23:55 - 00000000 ____D C:\Program Files (x86)\Intel
2012-06-14 22:19 - 2009-12-04 23:52 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-14 22:18 - 2009-12-05 00:09 - 00000000 ____D C:\Program Files (x86)\Dell Webcam
2012-06-14 22:18 - 2009-12-05 00:01 - 00000000 ____D C:\Program Files (x86)\Dell Support Center
2012-06-14 22:15 - 2012-02-16 11:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-14 22:15 - 2009-12-04 23:55 - 00000000 ____D C:\Program Files (x86)\Cisco
2012-06-14 22:14 - 2012-04-12 09:27 - 00000000 ____D C:\2nd Story Software
2012-06-14 22:14 - 2009-12-05 00:02 - 00000000 ___RD C:\MSOCache
2012-06-14 21:58 - 2012-06-14 21:58 - 00003288 ____N C:\bootsqm.dat
2012-06-14 20:46 - 2012-01-05 09:16 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\ElevatedDiagnostics
2012-06-14 20:46 - 2012-01-05 09:16 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\Application Data\ElevatedDiagnostics
2012-06-14 20:46 - 2012-01-05 09:16 - 00000000 ___HD C:\Users\Bryan Holland\AppData\Local\ElevatedDiagnostics
2012-06-12 14:57 - 2012-01-03 23:05 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\Application Data\Apple Computer
2012-06-12 14:57 - 2012-01-03 23:05 - 00000000 ___HD C:\Users\Bryan Holland\Local Settings\Apple Computer
2012-06-12 14:57 - 2012-01-03 23:05 - 00000000 ___HD C:\Users\Bryan Holland\Application Data\Apple Computer
2012-06-12 14:57 - 2012-01-03 23:05 - 00000000 ___HD C:\Users\Bryan Holland\AppData\Roaming\Apple Computer
2012-06-12 14:57 - 2012-01-03 23:05 - 00000000 ___HD C:\Users\Bryan Holland\AppData\Local\Apple Computer
2012-06-12 14:41 - 2012-06-05 17:55 - 00000000 ___HD C:\Users\Bryan Holland\Desktop\Brockdale Estates Files
2012-06-12 14:32 - 2012-04-22 17:35 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-12 14:32 - 2012-01-06 10:05 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 14:01 - 2012-06-12 14:01 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-11 23:37 - 2012-02-16 11:54 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-10 22:40 - 2012-06-14 23:11 - 00000114 ____A C:\Program Files\Common Files\cc.bat
2012-06-10 22:29 - 2012-06-14 23:11 - 00000680 ____A C:\Program Files\Common Files\11.reg
2012-06-06 00:30 - 2012-06-06 00:22 - 00000000 ___HD C:\Windows\SysWOW64\directx
2012-06-06 00:29 - 2009-12-05 00:07 - 00041343 ____A C:\Windows\DirectX.log
2012-06-05 21:55 - 2012-06-05 21:55 - 01606656 ____A C:\Users\Bryan Holland\Downloads\SteamInstall.msi
2012-06-05 21:55 - 2012-06-05 21:55 - 01606656 ____A C:\Users\Bryan Holland\Downloads\SteamInstall (1).msi
2012-06-05 13:09 - 2012-06-05 13:09 - 00085824 ___AH C:\Users\Bryan Holland\Desktop\Summary1501653189[1].pdf
2012-05-18 14:02 - 2012-05-18 14:02 - 00051331 ___AH C:\Users\Bryan Holland\My Documents\Summary1770199952[1].pdf
2012-05-18 14:02 - 2012-05-18 14:02 - 00051331 ___AH C:\Users\Bryan Holland\Documents\Summary1770199952[1].pdf
2012-05-16 20:22 - 2012-05-16 20:22 - 00025088 ___AH C:\Users\Bryan Holland\Downloads\decimal_quiz_compare_and_order.doc
2012-05-15 12:37 - 2012-04-27 13:59 - 00252928 ___AH C:\Users\Bryan Holland\My Documents\Colleyville GLADE and BLACK Land Assembly Map.pub
2012-05-15 12:37 - 2012-04-27 13:59 - 00252928 ___AH C:\Users\Bryan Holland\Documents\Colleyville GLADE and BLACK Land Assembly Map.pub
2012-05-15 12:13 - 2012-05-15 12:13 - 00015791 ___AH C:\Users\Bryan Holland\My Documents\Dear Linds.docx
2012-05-15 12:13 - 2012-05-15 12:13 - 00015791 ___AH C:\Users\Bryan Holland\Documents\Dear Linds.docx
2012-05-14 23:01 - 2012-06-15 14:53 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 22:59 - 2012-06-15 14:53 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 22:03 - 2012-06-15 14:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 22:00 - 2012-06-15 14:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 20:32 - 2012-06-15 14:51 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 20:21 - 2012-05-13 20:21 - 00026624 ___AH C:\Users\Bryan Holland\Downloads\what_is_another_name_for_the_tetrahedron_shape.doc
2012-05-09 21:47 - 2012-05-09 20:25 - 00017107 ___AH C:\Users\Bryan Holland\Downloads\european_union_scavenger_hunt.docx
2012-05-08 21:06 - 2012-05-08 21:06 - 00028160 ___AH C:\Users\Bryan Holland\Downloads\Multi Genre Directions 2012 for GT.doc
2012-05-07 22:47 - 2012-05-07 22:47 - 00020992 ___AH C:\Users\Bryan Holland\Downloads\europevocab112 (1).doc
2012-05-07 21:20 - 2012-05-07 21:20 - 00020992 ___AH C:\Users\Bryan Holland\Downloads\europevocab112.doc
2012-05-04 13:44 - 2012-05-04 13:44 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 06:06 - 2012-06-15 14:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-15 14:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-15 14:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 10:40 - 2012-05-02 10:40 - 00217722 ___AH C:\Users\Bryan Holland\My Documents\Grading and wall plan adjacent to Wolfe Property.pdf
2012-05-02 10:40 - 2012-05-02 10:40 - 00217722 ___AH C:\Users\Bryan Holland\Documents\Grading and wall plan adjacent to Wolfe Property.pdf
2012-05-01 00:40 - 2012-06-15 14:53 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 11:38 - 2012-04-30 11:24 - 00020500 ___AH C:\Users\Bryan Holland\My Documents\Brockdale Form LOI.docx
2012-04-30 11:38 - 2012-04-30 11:24 - 00020500 ___AH C:\Users\Bryan Holland\Documents\Brockdale Form LOI.docx
2012-04-27 22:55 - 2012-06-15 14:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-15 14:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-15 14:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-15 14:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 08:07 - 2012-04-25 08:07 - 00027136 ___AH C:\Users\Bryan Holland\My Documents\Narrative
2012-04-25 08:07 - 2012-04-25 08:07 - 00027136 ___AH C:\Users\Bryan Holland\Documents\Narrative
2012-04-24 00:37 - 2012-06-15 14:53 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-15 14:53 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-15 14:53 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-15 14:53 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-15 14:53 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-15 14:53 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 19:51 - 2012-04-23 19:51 - 00017666 ___AH C:\Users\Bryan Holland\Downloads\Virtual_Architecture_Day_5_Narrative.pdf
2012-04-22 21:00 - 2012-04-22 21:00 - 00084883 ___AH C:\Users\Bryan Holland\Downloads\6th_grade_revised_taks_questions_1_.docx
2012-04-22 21:00 - 2012-04-22 21:00 - 00084883 ___AH C:\Users\Bryan Holland\Downloads\6th_grade_revised_taks_questions_1_ (2).docx
2012-04-22 21:00 - 2012-04-22 21:00 - 00084883 ___AH C:\Users\Bryan Holland\Downloads\6th_grade_revised_taks_questions_1_ (1).docx
2012-04-21 08:36 - 2012-04-21 08:36 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-20 00:42 - 2012-06-15 14:53 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 00:42 - 2012-06-15 14:53 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 00:42 - 2012-06-15 14:53 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 00:42 - 2012-06-15 14:53 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 00:42 - 2012-06-15 14:53 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 00:42 - 2012-06-15 14:53 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 00:42 - 2012-06-15 14:53 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 00:42 - 2012-06-15 14:53 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 00:00 - 2012-06-15 14:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 00:00 - 2012-06-15 14:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 23:57 - 2012-06-15 14:53 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 23:57 - 2012-06-15 14:53 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 23:57 - 2012-06-15 14:53 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 23:56 - 2012-06-15 14:53 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 23:56 - 2012-06-15 14:53 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 23:56 - 2012-06-15 14:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 22:45 - 2012-06-15 14:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 22:16 - 2012-06-15 14:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-17 00:31 - 2012-06-15 14:50 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 23:34 - 2012-06-15 14:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-15 23:15 - 2012-04-15 23:15 - 00025088 ___AH C:\Users\Bryan Holland\Downloads\Baker%27s project (4).doc
2012-04-15 23:15 - 2012-04-15 23:15 - 00025088 ___AH C:\Users\Bryan Holland\Downloads\Baker%27s project (3).doc
2012-04-15 23:14 - 2012-04-15 23:14 - 00025600 ___AH C:\Users\Bryan Holland\Downloads\Baker%27s project (2).doc
2012-04-15 23:05 - 2012-04-15 23:05 - 00025600 ___AH C:\Users\Bryan Holland\Downloads\Baker%27s project.doc
2012-04-15 23:05 - 2012-04-15 23:05 - 00025600 ___AH C:\Users\Bryan Holland\Downloads\Baker%27s project (1).doc
2012-04-15 23:05 - 2012-04-15 23:05 - 00000023 ___AH C:\Users\Bryan Holland\Downloads\ATT00001.txt
2012-04-13 10:33 - 2012-04-12 09:27 - 00000061 ____A C:\Windows\TaxACT11.ini
2012-04-12 22:15 - 2012-04-12 21:45 - 00000123 ____A C:\Windows\SysWOW64\msxkwn.vxp
2012-04-12 22:14 - 2012-04-12 09:30 - 00000000 ___HD C:\Users\Bryan Holland\My Documents\TaxACT 2011
2012-04-12 22:14 - 2012-04-12 09:30 - 00000000 ___HD C:\Users\Bryan Holland\Documents\TaxACT 2011
2012-04-12 09:27 - 2012-04-12 09:27 - 00001656 ____A C:\Users\Public\Desktop\TaxACT 2011.lnk
2012-04-12 09:17 - 2012-04-12 09:16 - 08830080 ____A C:\Users\Bryan Holland\Downloads\ta11dndw.exe
2012-04-09 22:02 - 2012-04-09 22:02 - 00011170 ___AH C:\Users\Bryan Holland\My Documents\Ballad.docx
2012-04-09 22:02 - 2012-04-09 22:02 - 00011170 ___AH C:\Users\Bryan Holland\Documents\Ballad.docx
2012-04-08 21:15 - 2012-04-08 20:29 - 00032256 ___AH C:\Users\Bryan Holland\Downloads\russiavocab_3.doc
2012-04-07 07:31 - 2012-06-15 14:53 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 06:26 - 2012-06-15 14:53 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-02 19:58 - 2012-04-02 19:58 - 00175616 ___AH C:\Users\Bryan Holland\Downloads\d_43_ctd180 (1).doc
2012-04-02 19:50 - 2012-04-02 19:50 - 00175616 ___AH C:\Users\Bryan Holland\Downloads\d_43_ctd180.doc
2012-04-02 19:47 - 2012-04-02 19:47 - 00461824 ___AH C:\Users\Bryan Holland\Downloads\pi_project.doc
2012-04-02 19:47 - 2012-04-02 19:47 - 00461824 ___AH C:\Users\Bryan Holland\Downloads\pi_project (1).doc
2012-04-02 12:32 - 2012-04-02 12:32 - 00079872 ___AH C:\Users\Bryan Holland\Downloads\TS001234202.xlt
2012-04-01 15:22 - 2012-04-01 14:59 - 00308858 ___AH C:\Users\Bryan Holland\Downloads\billboard_ad.docx
2012-04-01 14:09 - 2012-03-05 12:07 - 00012228 ___AH C:\Users\Bryan Holland\My Documents\5101 RENT RECONCILIATION March 5, 2012.xlsx
2012-04-01 14:09 - 2012-03-05 12:07 - 00012228 ___AH C:\Users\Bryan Holland\Documents\5101 RENT RECONCILIATION March 5, 2012.xlsx
2012-03-30 06:35 - 2012-05-09 13:01 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 19:06 - 2012-03-25 23:44 - 00010840 ___AH C:\Users\Bryan Holland\My Documents\Shopping sonnet.docx
2012-03-28 19:06 - 2012-03-25 23:44 - 00010840 ___AH C:\Users\Bryan Holland\Documents\Shopping sonnet.docx
2012-03-27 12:53 - 2012-03-27 12:53 - 00108032 ___AH C:\Users\Bryan Holland\Downloads\PedesphereSpecRev093011.doc
2012-03-27 12:47 - 2012-03-27 12:47 - 00102912 ___AH C:\Users\Bryan Holland\Downloads\MultiColumnSpecRev093011.doc
2012-03-22 17:01 - 2009-07-14 00:32 - 00000000 ___HD C:\Windows\System32\FxsTmp
2012-03-22 14:12 - 2012-03-22 14:12 - 04435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-21 16:55 - 2012-01-11 11:18 - 01809819 ___AH C:\Users\Bryan Holland\Desktop\Brockdale Park NEW Flyer.pdf
2012-03-21 16:52 - 2012-03-21 16:52 - 00171490 ___AH C:\Users\Bryan Holland\Desktop\Bryan Holland Resume.pdf

ZeroAccess:
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\n
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L\00000004.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L\201d3dde
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000004.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000008.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\000000cb.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000000.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000032.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000064.@

ZeroAccess:
C:\Users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4056.36 MB
Available physical RAM: 3468.21 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3461.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.39 GB) (Free:189.51 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.61 GB) NTFS
3 Drive e: (HP v125w) (Removable) (Total:1.86 GB) (Free:0.01 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 8 MB
Disk 1 No Media 0 B 0 B
Disk 2 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1911 MB 32 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E HP v125w FAT32 Removable 1911 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 00:28

======================= End Of Log ==========================


Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by bh071texas on Mon Jun 18, 2012 10:57 pm

ANOTHER, AND POSSIBLY MORE DISTURBING ISSUES . . .

When all of this happened, I had a large external hard drive connected to my PC where I saved all of my important files and backed up my entire system occasionally. I plugged this external HD into my wife's computer to try and access critical docs for my business and it shows this HD as having "no files". However, it also shows under memory when I click properties that there is a good amount of the memory used. Therefore I'm thinking this malware got to the external HD also and is hiding the files so I cannot access them. Do I need to start another thread on this or can you help me with this also or should I take it to maybe the Geek Squad or other computer repair place and have them recover these files and put them on another non-infected drive for my use????


Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by Dr Jay on Tue Jun 19, 2012 4:36 pm

We can get to the external drive after the fixes are done here (we can use good recovery tools), so we can focus on one thing at a time, please.

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Users\Bryan Holland\AppData\Local\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\n
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L\00000004.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\L\201d3dde
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000004.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\00000008.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\000000cb.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000000.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000032.@
C:\Windows\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\U\80000064.@
C:\Program Files\Common Files\11.reg
C:\Program Files\Common Files\cc.bat
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{ff3c5f34-6e49-11eb-cc8f-67534bbe83fe}\n.
end



NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.


Now please enter System Recovery Options, then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.




After that is done, please run TDSSKiller as above.

Also, delete your copy of ComboFix, download a new copy, and run it as instructed above, as well!


In your next reply, please include:

  • Log from FRST
  • Log from TDSSKiller
  • Log from ComboFix


Dr. Jay (DJ)



Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by Dr Jay on Sat Jun 23, 2012 5:49 pm

Are you still with us? How did this go?


Dr. Jay (DJ)



Re: Infected by S.M.A.R.T. now sporadic background audio advertisments

Post by Dr Jay on Sat Jun 30, 2012 8:00 pm

Are you still with us? Please update us on your situation.


Dr. Jay (DJ)

