redirect - scour - Google search with Firefox


  • This topic is locked
34 replies to this topic

#1 fiery

fiery

  • Members
  • 73 posts

Posted 05 May 2012 - 07:42 PM

We use the Firefox browser on a computer that has multiple user accounts for different family members. When performing a Google search, if you click on the search results, you will often but not always be taken to Scour. Sometimes you go to other sites. If you go back and click the search result again, you go to the real page.

The problem is consistently happening on one account, and shows up inconsistently on the other accounts.

Malwarebytes found nothing. Norton Internet Security found nothing. Did a system restore before I realized that would do nothing. Would appreciate some help getting rid of this thing.


Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by laptop at 18:33:11 on 2012-05-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2012.1256 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.6.2.10\ips\IPSBHO.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.6.2.10\coIEPlg.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E3D3E935-AFB0-424C-8471-DFAF286876C2} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\822\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\laptop\appdata\roaming\mozilla\firefox\profiles\bthx9005.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306020.00a\symds.sys [2012-3-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306020.00a\symefa.sys [2012-3-23 905336]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306020.00a\ccsetx86.sys [2012-3-23 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20120406.003\IDSvix86.sys [2012-4-10 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306020.00a\ironx86.sys [2012-3-23 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1306020.00a\symnets.sys [2012-3-23 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.6.2.10\ccsvchst.exe [2012-3-23 138232]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-10-17 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-10-17 49152]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-11-3 147392]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-10-17 167936]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20120402.001\BHDrvx86.sys [2012-4-2 821880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-10-27 13336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2011-11-3 134144]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-7 106104]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-10-17 132480]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-10-17 38400]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-7 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
.
=============== Created Last 30 ================
.
2012-05-05 22:17:20 3971440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 22:17:19 3915632 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 01:31:21 -------- d-----w- c:\windows\system32\DBBK
2012-05-03 22:56:24 -------- d-----w- c:\users\laptop\appdata\roaming\Malwarebytes
2012-05-03 22:56:18 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 22:56:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-03-23 12:01:33 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-01 21:32:00 103272 ----a-w- c:\users\laptop\GoToAssistDownloadHelper.exe
2012-03-01 05:53:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 03:09:44 0 ----a-w- c:\windows\system32\sho36D0.tmp
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 18:33:57.10 ===============


Here is the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-05 20:17:45
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: 6ly0oud6.exe; Driver: C:\Users\laptop\AppData\Local\Temp\uxdirpow.sys


---- System - GMER 1.0.15 ----

SSDT 874258D8 ZwAlpcConnectPort
SSDT 84A7F110 ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A7BA19 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB5312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 278 82ABCB38 4 Bytes [D8, 58, 42, 87]
.text ntkrnlpa.exe!RtlSidHashLookup + 48C 82ABCD4C 4 Bytes [10, F1, A7, 84]
? C:\Users\laptop\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2268] ntdll.dll!LdrLoadDll 7749F445 5 Bytes JMP 67235B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,276 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 May 2012 - 08:20 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#3 fiery


Posted 05 May 2012 - 10:22 PM

We have Norton Internet Security - I went to disable it and it gave me an error message - told me that the file the shortcut was pointing to wasn't there. So I decided to uninstall and reinstall it when I was done with ComboFix - except that isn't working either - it won't let me uninstall. I can't even do a manual delete (I know it's a bad option anyway) because it says the files are in use. Any suggestions? Should I just run ComboFix?

#4 fiery


Posted 05 May 2012 - 10:47 PM

Thought I had it, but it didn't work. I'm stumped - Norton is clearly damaged, and even its online repair tool can't seem to get it uninstalled/reinstalled.

Edited by fiery, 05 May 2012 - 10:52 PM.


#5 CatByte


Posted 06 May 2012 - 06:51 AM

Hi,

Please do the following:


For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

#6 fiery


Posted 08 May 2012 - 05:32 AM

Sorry for not responding - dealing with sick kids, hope to get to this today.

#7 CatByte


Posted 08 May 2012 - 04:53 PM

OK, hope everyone is feeling better.

#8 fiery


Posted 08 May 2012 - 08:42 PM

Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 08-05-2012
Ran by SYSTEM at 08-05-2012 21:38:03
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-07-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-07-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-07-23] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\Erica\...\Run: [Update] rundll32.exe "C:\Users\Erica\AppData\Roaming\Skype\Skype\mijimxh.dll",DllRegisterServer [x]
HKU\Erica\...\Policies\system: [LogonHoursAction] 2
HKU\Erica\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\laptop\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\laptop\...\Policies\system: [LogonHoursAction] 2
HKU\laptop\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Rick\...\Policies\system: [LogonHoursAction] 2
HKU\Rick\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\RJ\...\Policies\system: [LogonHoursAction] 2
HKU\RJ\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sina\...\Policies\system: [LogonHoursAction] 2
HKU\Sina\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Will\...\Policies\system: [LogonHoursAction] 2
HKU\Will\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\822\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

================================ Services (Whitelisted) ==================

3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\822\g2aservice.exe" Start=service [13160 2012-03-01] (Citrix Online, a division of Citrix Systems, Inc.)
2 HsfXAudioService; C:\Windows\system32\XAudio32.dll [417336 2010-05-10] (Conexant Systems, Inc.)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.6.2.10\diMaster.dll" /prefetch:1 [309688 2012-01-24] (Symantec Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-01-31] (Skype Technologies)

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [255096 2010-06-21] (Alps Electric Co., Ltd.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120402.001\BHDrvx86.sys [821880 2012-04-02] (Symantec Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
1 ccSet_NIS; C:\Windows\System32\drivers\NIS\1306020.00A\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-03] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120406.003\IDSvix86.sys [368248 2012-03-06] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120410.003\NAVENG.SYS [86136 2011-11-18] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120410.003\NAVEX15.SYS [1576312 2011-11-18] (Symantec Corporation)
2 rimspci; C:\Windows\System32\DRIVERS\rimspe86.sys [47104 2009-07-02] (REDC)
2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
3 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
3 SRTSP; C:\Windows\System32\Drivers\NIS\1306020.00A\SRTSP.SYS [574584 2012-01-17] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NIS\1306020.00A\SRTSPX.SYS [32888 2012-01-17] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1306020.00A\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1306020.00A\SYMEFA.SYS [905336 2012-01-17] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-23] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NIS\1306020.00A\Ironx86.SYS [149624 2012-01-17] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NIS\1306020.00A\SYMNETS.SYS [318584 2012-01-17] (Symantec Corporation)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-13] (Microsoft Corporation)
3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [20480 2009-07-13] (Microsoft Corporation)
2 XAudio; C:\Windows\System32\DRIVERS\XAudio32.sys [15416 2010-05-10] (Conexant Systems, Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-08 21:37 - 2012-05-08 21:38 - 0000000 ____D C:\FRST
2012-05-08 17:26 - 2012-05-08 17:26 - 0869306 ____A C:\Users\laptop\Downloads\FRST.exe
2012-05-08 14:39 - 2012-05-08 17:10 - 0000000 ____D C:\Users\Sina\AppData\Roaming\Skype
2012-05-06 17:12 - 2012-02-29 21:53 - 0019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-06 17:12 - 2012-02-29 21:49 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-06 17:12 - 2012-02-29 21:45 - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-06 17:12 - 2012-02-29 21:40 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-06 17:12 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-06 17:12 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-06 17:12 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-06 17:12 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-06 17:12 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-06 17:12 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-06 17:12 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-06 17:12 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-06 17:12 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-06 17:12 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-06 17:12 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-06 17:12 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-06 17:12 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-05 19:54 - 2012-03-05 21:59 - 3971440 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-05 19:54 - 2012-03-05 21:59 - 3915632 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-05 19:48 - 2012-05-05 19:49 - 0000000 ___SD C:\32788R22FWJFW
2012-05-05 19:48 - 2012-05-05 19:48 - 4485629 ____R (Swearware) C:\Users\laptop\Downloads\ComboFix.exe
2012-05-05 19:27 - 2012-05-05 19:27 - 0000000 ____D C:\Users\laptop\AppData\Local\CrashDumps
2012-05-05 19:26 - 2012-05-05 19:26 - 0920096 ____A C:\Users\laptop\Downloads\Norton_Removal_Tool.exe
2012-05-05 19:06 - 2012-05-05 19:13 - 0000000 ____D C:\Users\laptop\AppData\Local\NPE
2012-05-05 18:56 - 2012-05-05 19:42 - 0000000 ____D C:\ComboFix
2012-05-05 18:56 - 2012-05-05 18:56 - 0000000 ____D C:\Windows\ERDNT
2012-05-05 18:55 - 2012-05-05 18:56 - 0000000 ____D C:\Qoobox
2012-05-05 16:17 - 2012-05-05 16:17 - 0002371 ____A C:\Users\laptop\Desktop\ark.txt
2012-05-05 14:36 - 2012-05-05 14:36 - 0007438 ____A C:\Users\laptop\Desktop\Attach.txt
2012-05-05 14:35 - 2012-05-05 14:35 - 0012589 ____A C:\Users\laptop\Desktop\DDS.txt
2012-05-05 14:28 - 2012-05-05 14:28 - 0000000 ____A C:\Users\laptop\defogger_reenable
2012-05-03 17:47 - 2012-05-03 17:49 - 0001412 ____A C:\Users\laptop\Desktop\RKreport[1].txt
2012-05-03 17:45 - 2012-05-03 17:47 - 0000000 ____D C:\Users\laptop\Desktop\RK_Quarantine
2012-05-03 17:31 - 2012-05-05 19:42 - 0000000 ____D C:\Windows\System32\DBBK
2012-05-03 17:30 - 2012-05-03 17:41 - 0187696 ____A C:\Users\laptop\Downloads\yorkyt.exe.log
2012-05-03 17:29 - 2012-05-03 17:29 - 0003843 ____A C:\Users\laptop\Desktop\gamerlog.log
2012-05-03 16:18 - 2012-05-03 16:18 - 0000000 ____D C:\Users\Public\Sina
2012-05-03 14:56 - 2012-05-03 16:39 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-03 14:56 - 2012-05-03 14:56 - 0000000 ____D C:\Users\laptop\AppData\Roaming\Malwarebytes
2012-05-03 14:56 - 2012-05-03 14:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-03 14:56 - 2012-05-03 14:56 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-25 12:11 - 2012-04-25 12:11 - 9908002 ____A C:\Users\Will\Downloads\MassiveCraft-Factions-1defa29.tar.gz
2012-04-11 01:45 - 2012-04-11 01:45 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 01:45 - 2012-04-11 01:45 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

============ 3 Months Modified Files and Folders ===============

2012-05-08 21:38 - 2012-05-08 21:37 - 0000000 ____D C:\FRST
2012-05-08 17:34 - 2009-07-13 20:55 - 1138682 ____A C:\Windows\WindowsUpdate.log
2012-05-08 17:27 - 2011-10-27 14:19 - 0727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-08 17:26 - 2012-05-08 17:26 - 0869306 ____A C:\Users\laptop\Downloads\FRST.exe
2012-05-08 17:26 - 2012-02-18 12:13 - 0010214 ____A C:\Windows\setupact.log
2012-05-08 17:20 - 2009-07-13 20:34 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-08 17:20 - 2009-07-13 20:34 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-08 17:11 - 2011-10-27 15:54 - 1582583808 __ASH C:\hiberfil.sys
2012-05-08 17:11 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-08 17:10 - 2012-05-08 14:39 - 0000000 ____D C:\Users\Sina\AppData\Roaming\Skype
2012-05-08 14:39 - 2012-02-03 16:15 - 0002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-08 14:36 - 2012-02-03 16:15 - 0000000 ____D C:\Users\Will\AppData\Roaming\Skype
2012-05-06 17:13 - 2011-11-17 21:54 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-06 17:13 - 2011-11-17 21:54 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-06 17:13 - 2009-07-13 18:04 - 0000478 ____A C:\Windows\win.ini
2012-05-05 19:49 - 2012-05-05 19:48 - 0000000 ___SD C:\32788R22FWJFW
2012-05-05 19:48 - 2012-05-05 19:48 - 4485629 ____R (Swearware) C:\Users\laptop\Downloads\ComboFix.exe
2012-05-05 19:47 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-05 19:44 - 2009-07-13 20:53 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-05 19:44 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2012-05-05 19:44 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-05-05 19:43 - 2012-02-25 14:58 - 0000000 ____D C:\Users\Erica\AppData\Roaming\Skype
2012-05-05 19:43 - 2011-11-20 14:13 - 0000000 ____D C:\Windows\System32\Drivers\NIS
2012-05-05 19:43 - 2011-11-20 14:11 - 0000000 ____D C:\Users\All Users\Norton
2012-05-05 19:43 - 2011-11-20 14:11 - 0000000 ____D C:\ProgramData\Norton
2012-05-05 19:43 - 2011-11-11 08:19 - 0000000 ____D C:\users\Rick
2012-05-05 19:43 - 2011-11-07 12:41 - 0000000 ____D C:\users\Will
2012-05-05 19:43 - 2011-11-07 12:05 - 0000000 ____D C:\users\Sina
2012-05-05 19:43 - 2011-11-07 12:03 - 0000000 ____D C:\users\RJ
2012-05-05 19:43 - 2011-11-07 11:59 - 0000000 ____D C:\users\Erica
2012-05-05 19:43 - 2011-11-03 17:13 - 0000000 ____D C:\Windows\Minidump
2012-05-05 19:43 - 2011-11-03 17:11 - 0000000 ____D C:\users\laptop
2012-05-05 19:42 - 2012-05-05 18:56 - 0000000 ____D C:\ComboFix
2012-05-05 19:42 - 2012-05-03 17:31 - 0000000 ____D C:\Windows\System32\DBBK
2012-05-05 19:42 - 2012-02-18 09:30 - 0000000 ____D C:\Program Files\CCleaner
2012-05-05 19:42 - 2011-11-20 14:13 - 0000000 ____D C:\Program Files\Norton Internet Security
2012-05-05 19:42 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2012-05-05 19:41 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-05 19:40 - 2011-11-22 17:43 - 0000000 ____D C:\Users\Will\AppData\Roaming\.minecraft
2012-05-05 19:40 - 2011-11-20 16:10 - 0000000 ____D C:\Users\Will\AppData\Roaming\Mozilla
2012-05-05 19:40 - 2011-11-20 16:10 - 0000000 ____D C:\Users\Will\AppData\Local\Mozilla
2012-05-05 19:40 - 2011-11-07 12:41 - 0000000 ____D C:\Users\Will\AppData\LocalLow
2012-05-05 19:40 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2012-05-05 19:39 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-05-05 19:38 - 2011-11-20 14:13 - 0000000 ____D C:\Program Files\NortonInstaller
2012-05-05 19:27 - 2012-05-05 19:27 - 0000000 ____D C:\Users\laptop\AppData\Local\CrashDumps
2012-05-05 19:26 - 2012-05-05 19:26 - 0920096 ____A C:\Users\laptop\Downloads\Norton_Removal_Tool.exe
2012-05-05 19:25 - 2011-11-20 14:13 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-05-05 19:25 - 2011-11-20 14:13 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-05-05 19:13 - 2012-05-05 19:06 - 0000000 ____D C:\Users\laptop\AppData\Local\NPE
2012-05-05 18:56 - 2012-05-05 18:56 - 0000000 ____D C:\Windows\ERDNT
2012-05-05 18:56 - 2012-05-05 18:55 - 0000000 ____D C:\Qoobox
2012-05-05 16:17 - 2012-05-05 16:17 - 0002371 ____A C:\Users\laptop\Desktop\ark.txt
2012-05-05 14:36 - 2012-05-05 14:36 - 0007438 ____A C:\Users\laptop\Desktop\Attach.txt
2012-05-05 14:35 - 2012-05-05 14:35 - 0012589 ____A C:\Users\laptop\Desktop\DDS.txt
2012-05-05 14:28 - 2012-05-05 14:28 - 0000000 ____A C:\Users\laptop\defogger_reenable
2012-05-03 17:49 - 2012-05-03 17:47 - 0001412 ____A C:\Users\laptop\Desktop\RKreport[1].txt
2012-05-03 17:47 - 2012-05-03 17:45 - 0000000 ____D C:\Users\laptop\Desktop\RK_Quarantine
2012-05-03 17:41 - 2012-05-03 17:30 - 0187696 ____A C:\Users\laptop\Downloads\yorkyt.exe.log
2012-05-03 17:29 - 2012-05-03 17:29 - 0003843 ____A C:\Users\laptop\Desktop\gamerlog.log
2012-05-03 16:39 - 2012-05-03 14:56 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-03 16:18 - 2012-05-03 16:18 - 0000000 ____D C:\Users\Public\Sina
2012-05-03 16:17 - 2011-11-11 08:19 - 0086080 ____A C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-03 14:56 - 2012-05-03 14:56 - 0000000 ____D C:\Users\laptop\AppData\Roaming\Malwarebytes
2012-05-03 14:56 - 2012-05-03 14:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-03 14:56 - 2012-05-03 14:56 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-03 14:07 - 2011-12-13 11:45 - 0000000 ____D C:\Users\Erica\Documents\Other
2012-05-02 16:04 - 2012-01-12 16:47 - 0000000 ____D C:\Users\Erica\Documents\Outlook Files
2012-05-02 02:21 - 2011-12-01 18:09 - 0000000 ____D C:\Users\Erica\Documents\English
2012-04-25 12:11 - 2012-04-25 12:11 - 9908002 ____A C:\Users\Will\Downloads\MassiveCraft-Factions-1defa29.tar.gz
2012-04-18 18:04 - 2011-12-20 16:18 - 0000000 ____D C:\Users\Erica\Documents\Science
2012-04-11 01:45 - 2012-04-11 01:45 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 01:45 - 2012-04-11 01:45 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-09 06:54 - 2012-02-28 04:15 - 0000000 ____D C:\Users\RJ\AppData\Roaming\Skype
2012-04-07 09:14 - 2012-04-07 09:14 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-06 20:32 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-03-29 16:03 - 2012-03-01 13:18 - 0000000 ____D C:\Users\laptop\AppData\Roaming\Skype
2012-03-28 13:01 - 2012-03-28 12:48 - 0081764 ____A C:\Users\Will\Documents\Animal abuse.docx
2012-03-27 07:07 - 2012-03-27 07:07 - 0012762 ____A C:\Users\RJ\Documents\scininiin.docx
2012-03-23 04:01 - 2011-11-20 14:13 - 0141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-03-23 04:01 - 2011-11-20 14:13 - 0007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-03-23 04:01 - 2011-11-20 14:13 - 0000805 ____A C:\Windows\System32\Drivers\SYMEVENT.INF
2012-03-23 04:01 - 2011-11-20 14:13 - 0000000 ____D C:\Program Files\Symantec
2012-03-22 11:13 - 2012-02-02 12:16 - 0034304 ____A C:\Users\Will\Downloads\Homework Checklist(1).doc
2012-03-22 04:09 - 2012-03-22 04:09 - 0000000 ____D C:\Users\RJ\AppData\Roaming\Unity
2012-03-18 13:57 - 2012-03-18 13:57 - 0000000 ____D C:\Users\Will\AppData\Local\CrashDumps
2012-03-14 16:31 - 2009-07-13 20:33 - 0342400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-10 05:21 - 2012-02-03 16:15 - 0000000 ___RD C:\Program Files\Skype
2012-03-05 21:59 - 2012-05-05 19:54 - 3971440 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-05 21:59 - 2012-05-05 19:54 - 3915632 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 03:43 - 2012-03-02 14:46 - 0030208 ____A C:\Users\Sina\Documents\Proposed 504 plan for Will Kniseley - 3rd draft.doc
2012-03-01 13:55 - 2012-03-01 13:55 - 0000334 ____A C:\Windows\PFRO.log
2012-03-01 13:32 - 2011-11-03 17:46 - 0103272 ____A C:\Users\laptop\GoToAssistDownloadHelper.exe
2012-03-01 13:18 - 2011-11-03 17:11 - 0000174 ___SH C:\Users\laptop\Start Menu\Programs\Startup\desktop.ini
2012-03-01 13:18 - 2011-11-03 17:11 - 0000174 ___SH C:\Users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-01 12:44 - 2012-01-15 13:10 - 0000000 ____D C:\Users\laptop\AppData\Local\ElevatedDiagnostics
2012-03-01 03:05 - 2011-12-09 02:59 - 0000000 ____D C:\Users\Erica\Documents\Math
2012-02-29 21:53 - 2012-05-06 17:12 - 0019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:49 - 2012-05-06 17:12 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:45 - 2012-05-06 17:12 - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:40 - 2012-05-06 17:12 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 14:49 - 2012-02-29 14:49 - 0002448 ____A C:\{E6287D81-0D85-46C8-A3EE-260D68E686E7}
2012-02-28 19:09 - 2012-02-28 19:09 - 0000000 ____A C:\Windows\System32\sho36D0.tmp
2012-02-28 13:15 - 2012-02-28 13:15 - 0000000 ____D C:\Users\Will\AppData\Local\Adobe
2012-02-28 13:15 - 2011-11-22 17:42 - 0000000 ____D C:\Users\Will\AppData\Roaming\Adobe
2012-02-27 17:52 - 2012-05-06 17:12 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-05-06 17:12 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-05-06 17:12 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-05-06 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-05-06 17:12 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-05-06 17:12 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-05-06 17:12 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-05-06 17:12 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-05-06 17:12 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-05-06 17:12 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-05-06 17:12 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-05-06 17:12 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-05-06 17:12 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 14:22 - 2012-02-27 14:22 - 0000162 ___AH C:\Users\Will\Downloads\~$mework Checklist(1).doc
2012-02-27 13:34 - 2012-02-02 12:16 - 0034816 ___AH C:\Users\Will\Downloads\~WRL0003.tmp
2012-02-25 08:02 - 2012-02-25 08:01 - 0146440 ____A C:\Windows\Minidump\022512-19593-01.dmp
2012-02-25 08:01 - 2012-02-25 08:01 - 325717957 ____A C:\Windows\MEMORY.DMP
2012-02-21 09:19 - 2011-11-07 12:09 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-02-20 17:44 - 2011-12-27 14:09 - 0000000 ____D C:\Users\Erica\Documents\Colleges
2012-02-18 12:13 - 2012-02-18 12:13 - 0000000 ____A C:\Windows\setuperr.log
2012-02-18 09:32 - 2011-10-17 09:31 - 0000000 ____D C:\Windows\Panther
2012-02-18 09:30 - 2012-02-18 09:30 - 0000967 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-02-18 09:29 - 2012-02-18 09:29 - 3587688 ____A (Piriform Ltd) C:\Users\Sina\Downloads\ccsetup315.exe
2012-02-17 20:15 - 2012-02-17 20:15 - 0000017 ____A C:\Windows\System32\shortcut_ex.dat
2012-02-16 15:47 - 2012-02-16 15:37 - 0015441 ____A C:\Users\RJ\Documents\Word wall words.docx
2012-02-16 04:11 - 2011-11-07 12:05 - 0000174 ___SH C:\Users\Sina\Start Menu\Programs\Startup\desktop.ini
2012-02-16 04:11 - 2011-11-07 12:05 - 0000174 ___SH C:\Users\Sina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 12:47 - 2011-11-07 12:41 - 0000174 __ASH C:\Users\Will\Start Menu\Programs\Startup\desktop.ini
2012-02-15 12:47 - 2011-11-07 12:41 - 0000174 __ASH C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 12:29 - 2011-11-07 12:00 - 0000174 ___SH C:\Users\Erica\Start Menu\Programs\Startup\desktop.ini
2012-02-15 12:29 - 2011-11-07 12:00 - 0000174 ___SH C:\Users\Erica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 04:16 - 2011-11-07 12:03 - 0000174 __ASH C:\Users\RJ\Start Menu\Programs\Startup\desktop.ini
2012-02-15 04:16 - 2011-11-07 12:03 - 0000174 __ASH C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 04:12 - 2011-11-17 17:12 - 0000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2012-02-14 21:44 - 2012-03-13 11:34 - 0826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 20:22 - 2012-03-13 11:34 - 0177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:22 - 2012-03-13 11:34 - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 08:09 - 2012-02-14 08:09 - 1070352 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-02-11 14:03 - 2012-02-11 14:03 - 0000000 ____D C:\Users\RJ\AppData\Local\Adobe
2012-02-11 14:03 - 2011-11-21 17:11 - 0000000 ____D C:\Users\RJ\AppData\Roaming\Adobe
2012-02-11 14:03 - 2011-11-07 12:03 - 0000000 ____D C:\Users\RJ\AppData\LocalLow
2012-02-10 17:00 - 2012-02-05 09:41 - 0000000 ____D C:\Users\RJ\AppData\Local\CrashDumps
2012-02-09 21:41 - 2012-03-13 11:35 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 11:35 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:41 - 2012-03-13 11:35 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 21:41 - 2012-03-13 11:35 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 11:35 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Windows\System32\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2012.36 MB
Available physical RAM: 1608.53 MB
Total Pagefile: 2012.36 MB
Available Pagefile: 1607.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.56 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:148.18 GB) (Free:117.87 GB) NTFS
3 Drive f: (KINGSTON) (Removable) (Total:29.06 GB) (Free:28.94 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          149 GB  4096 KB
Disk 1    Online           29 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                133 MB    31 KB
Partition 2    Primary            748 MB   136 MB
Partition 3    Primary            148 GB   884 MB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition    133 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   RECOVERY     NTFS   Partition    748 MB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    148 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             29 GB  4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   KINGSTON     FAT32  Removable     29 GB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-02 16:38

======================= End Of Log ==========================

#9 CatByte

  • Malware Response Team

Posted 08 May 2012 - 09:01 PM

Nothing is showing in that log; previous attempts at running tools may have removed any malware entries. ComboFix created its quarantine folder, so it must have done something.

Have a look at c:\combofix.txt and see if there is a log. If not, try the Norton Removal Tool, then boot into Safe Mode and give ComboFix another try.
  • Download the appropriate Norton Removal Tool from HERE and save it to your desktop.
  • Next, double-click on Norton_Removal_Tool.exe to run the tool.
  • Follow the on-screen instructions.
  • Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.


Download a fresh copy of ComboFix:
(delete the copy from your desktop first)

Link 1


To enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#10 fiery

  • Topic Starter

Posted 09 May 2012 - 08:39 PM

Here's the combo fix log:

ComboFix 12-05-09.01 - laptop 05/09/2012 21:29:44.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2012.1288 [GMT -4:00]
Running from: c:\users\laptop\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\laptop\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 01:35 . 2012-05-10 01:35 -------- d-----w- c:\users\laptop\AppData\Local\temp
2012-05-10 01:35 . 2012-05-10 01:35 -------- d-----w- c:\users\Will\AppData\Local\temp
2012-05-10 01:35 . 2012-05-10 01:35 -------- d-----w- c:\users\Sina\AppData\Local\temp
2012-05-10 01:35 . 2012-05-10 01:35 -------- d-----w- c:\users\RJ\AppData\Local\temp
2012-05-09 05:37 . 2012-05-09 05:38 -------- d-----w- C:\FRST
2012-05-08 22:39 . 2012-05-09 01:10 -------- d-----w- c:\users\Sina\AppData\Roaming\Skype
2012-05-06 03:54 . 2012-03-06 05:59 3971440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-06 03:54 . 2012-03-06 05:59 3915632 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-06 03:27 . 2012-05-06 03:27 -------- d-----w- c:\users\laptop\AppData\Local\CrashDumps
2012-05-06 03:06 . 2012-05-06 03:13 -------- d-----w- c:\users\laptop\AppData\Local\NPE
2012-05-04 01:31 . 2012-05-06 03:42 -------- d-----w- c:\windows\system32\DBBK
2012-05-04 00:18 . 2012-05-04 00:18 -------- d-----w- c:\users\Public\Sina
2012-05-03 22:56 . 2012-05-03 22:56 -------- d-----w- c:\users\laptop\AppData\Roaming\Malwarebytes
2012-05-03 22:56 . 2012-05-03 22:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 22:56 . 2012-05-04 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-11 09:45 . 2012-04-11 09:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 03:09 . 2012-02-29 03:09 0 ----a-w- c:\windows\system32\sho36D0.tmp
2012-02-15 05:44 . 2012-03-13 19:34 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 19:34 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 19:34 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-13 19:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 19:35 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 19:35 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 19:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-21 17:18 . 2011-11-07 20:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-24 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-24 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-24 170520]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-03-01 21:32 13672 ----a-w- c:\program files\Citrix\GoToAssist\822\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-07 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 147392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\bthx9005.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-09 21:37:25
ComboFix-quarantined-files.txt 2012-05-10 01:37
.
Pre-Run: 124,990,771,200 bytes free
Post-Run: 125,007,093,760 bytes free
.
- - End Of File - - 0141417137943C656A3F2F13EB033B3D

#11 CatByte

  • Malware Response Team

Posted 09 May 2012 - 09:03 PM

Hi,

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty Notepad file.

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DirLook::
c:\users\Sina\AppData\Roaming\Skype
C:\Users\RJ\AppData\Roaming\Skype
C:\Users\laptop\AppData\Roaming\Skype
C:\Users\Erica\AppData\Roaming\Skype
C:\Users\Will\AppData\Roaming\Skype


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


#12 fiery

  • Topic Starter

Posted 09 May 2012 - 09:06 PM

TDSS Killer found nothing, but the redirect is still happening.

Here is the log:

22:03:26.0286 5704 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:03:27.0908 5704 ============================================================
22:03:27.0908 5704 Current date / time: 2012/05/09 22:03:27.0908
22:03:27.0908 5704 SystemInfo:
22:03:27.0908 5704
22:03:27.0908 5704 OS Version: 6.1.7600 ServicePack: 0.0
22:03:27.0908 5704 Product type: Workstation
22:03:27.0908 5704 ComputerName: LAPTOP-PC
22:03:27.0908 5704 UserName: laptop
22:03:27.0908 5704 Windows directory: C:\Windows
22:03:27.0908 5704 System windows directory: C:\Windows
22:03:27.0908 5704 Processor architecture: Intel x86
22:03:27.0908 5704 Number of processors: 1
22:03:27.0908 5704 Page size: 0x1000
22:03:27.0908 5704 Boot type: Normal boot
22:03:27.0908 5704 ============================================================
22:03:28.0454 5704 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:03:28.0454 5704 Drive \Device\Harddisk1\DR1 - Size: 0x744ED0000 (29.08 Gb), SectorSize: 0x200, Cylinders: 0xED3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:03:28.0454 5704 ============================================================
22:03:28.0454 5704 \Device\Harddisk0\DR0:
22:03:28.0454 5704 MBR partitions:
22:03:28.0454 5704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x44000, BlocksNum 0x176000
22:03:28.0454 5704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BA000, BlocksNum 0x1285E000
22:03:28.0454 5704 \Device\Harddisk1\DR1:
22:03:28.0454 5704 MBR partitions:
22:03:28.0454 5704 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x3A25700
22:03:28.0454 5704 ============================================================
22:03:28.0501 5704 C: <-> \Device\Harddisk0\DR0\Partition1
22:03:28.0501 5704 ============================================================
22:03:28.0501 5704 Initialize success
22:03:28.0501 5704 ============================================================
22:04:01.0917 4336 ============================================================
22:04:01.0917 4336 Scan started
22:04:01.0917 4336 Mode: Manual; TDLFS;
22:04:01.0917 4336 ============================================================
22:04:02.0509 4336 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
22:04:02.0509 4336 1394ohci - ok
22:04:02.0587 4336 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
22:04:02.0587 4336 ACPI - ok
22:04:02.0619 4336 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
22:04:02.0650 4336 AcpiPmi - ok
22:04:02.0759 4336 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:04:02.0759 4336 AdobeARMservice - ok
22:04:02.0837 4336 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:04:02.0853 4336 adp94xx - ok
22:04:02.0884 4336 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:04:02.0899 4336 adpahci - ok
22:04:02.0931 4336 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:04:02.0946 4336 adpu320 - ok
22:04:02.0993 4336 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:04:02.0993 4336 AeLookupSvc - ok
22:04:03.0087 4336 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
22:04:03.0102 4336 AFD - ok
22:04:03.0118 4336 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
22:04:03.0133 4336 agp440 - ok
22:04:03.0180 4336 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:04:03.0180 4336 aic78xx - ok
22:04:03.0211 4336 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:04:03.0211 4336 ALG - ok
22:04:03.0274 4336 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
22:04:03.0274 4336 aliide - ok
22:04:03.0305 4336 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
22:04:03.0305 4336 amdagp - ok
22:04:03.0321 4336 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
22:04:03.0321 4336 amdide - ok
22:04:03.0367 4336 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:04:03.0383 4336 AmdK8 - ok
22:04:03.0383 4336 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:04:03.0383 4336 AmdPPM - ok
22:04:03.0445 4336 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\DRIVERS\amdsata.sys
22:04:03.0445 4336 amdsata - ok
22:04:03.0492 4336 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:04:03.0492 4336 amdsbs - ok
22:04:03.0523 4336 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\DRIVERS\amdxata.sys
22:04:03.0523 4336 amdxata - ok
22:04:03.0617 4336 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:04:03.0617 4336 ApfiltrService - ok
22:04:03.0664 4336 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
22:04:03.0664 4336 AppID - ok
22:04:03.0742 4336 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:04:03.0742 4336 AppIDSvc - ok
22:04:03.0789 4336 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
22:04:03.0789 4336 Appinfo - ok
22:04:03.0835 4336 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:04:03.0867 4336 arc - ok
22:04:03.0882 4336 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:04:03.0898 4336 arcsas - ok
22:04:03.0929 4336 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:04:03.0945 4336 AsyncMac - ok
22:04:04.0007 4336 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
22:04:04.0023 4336 atapi - ok
22:04:04.0163 4336 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
22:04:04.0210 4336 athr - ok
22:04:04.0303 4336 AudioEndpointBuilder (481c4bf564b2322fcdce343a782bf0a2) C:\Windows\System32\Audiosrv.dll
22:04:04.0319 4336 AudioEndpointBuilder - ok
22:04:04.0319 4336 Audiosrv (481c4bf564b2322fcdce343a782bf0a2) C:\Windows\System32\Audiosrv.dll
22:04:04.0335 4336 Audiosrv - ok
22:04:04.0413 4336 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
22:04:04.0413 4336 AxInstSV - ok
22:04:04.0553 4336 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:04:04.0569 4336 b06bdrv - ok
22:04:04.0662 4336 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:04:04.0662 4336 b57nd60x - ok
22:04:04.0725 4336 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:04:04.0725 4336 BDESVC - ok
22:04:04.0756 4336 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:04:04.0756 4336 Beep - ok
22:04:04.0834 4336 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
22:04:04.0865 4336 BFE - ok
22:04:05.0193 4336 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120402.001\BHDrvx86.sys
22:04:05.0239 4336 BHDrvx86 - ok
22:04:05.0302 4336 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
22:04:05.0317 4336 BITS - ok
22:04:05.0395 4336 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:04:05.0395 4336 blbdrive - ok
22:04:05.0442 4336 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
22:04:05.0458 4336 bowser - ok
22:04:05.0473 4336 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:04:05.0473 4336 BrFiltLo - ok
22:04:05.0505 4336 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:04:05.0505 4336 BrFiltUp - ok
22:04:05.0598 4336 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:04:05.0598 4336 BridgeMP - ok
22:04:05.0661 4336 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
22:04:05.0676 4336 Browser - ok
22:04:05.0723 4336 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:04:05.0723 4336 Brserid - ok
22:04:05.0754 4336 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:04:05.0754 4336 BrSerWdm - ok
22:04:05.0770 4336 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:04:05.0770 4336 BrUsbMdm - ok
22:04:05.0801 4336 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:04:05.0817 4336 BrUsbSer - ok
22:04:05.0848 4336 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:04:05.0848 4336 BTHMODEM - ok
22:04:05.0895 4336 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:04:05.0910 4336 bthserv - ok
22:04:06.0019 4336 catchme - ok
22:04:06.0144 4336 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307000.009\ccSetx86.sys
22:04:06.0144 4336 ccSet_NIS - ok
22:04:06.0222 4336 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:04:06.0222 4336 cdfs - ok
22:04:06.0285 4336 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
22:04:06.0285 4336 cdrom - ok
22:04:06.0331 4336 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
22:04:06.0331 4336 CertPropSvc - ok
22:04:06.0394 4336 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:04:06.0394 4336 circlass - ok
22:04:06.0441 4336 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:04:06.0441 4336 CLFS - ok
22:04:06.0565 4336 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:04:06.0581 4336 clr_optimization_v2.0.50727_32 - ok
22:04:06.0675 4336 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:04:06.0690 4336 clr_optimization_v4.0.30319_32 - ok
22:04:06.0721 4336 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:04:06.0721 4336 CmBatt - ok
22:04:06.0737 4336 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
22:04:06.0753 4336 cmdide - ok
22:04:06.0831 4336 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
22:04:06.0846 4336 CNG - ok
22:04:06.0924 4336 CnxtHdAudService (ae7c11564ecde146ca5fe35e07cc227e) C:\Windows\system32\drivers\CHDRT32.sys
22:04:06.0940 4336 CnxtHdAudService - ok
22:04:07.0002 4336 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:04:07.0002 4336 Compbatt - ok
22:04:07.0049 4336 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:04:07.0049 4336 CompositeBus - ok
22:04:07.0065 4336 COMSysApp - ok
22:04:07.0111 4336 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:04:07.0111 4336 crcdisk - ok
22:04:07.0158 4336 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
22:04:07.0158 4336 CryptSvc - ok
22:04:07.0252 4336 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
22:04:07.0267 4336 CtAudDrv - ok
22:04:07.0345 4336 CtClsFlt (a9ebb9eb004a3f293896223ca2360781) C:\Windows\system32\DRIVERS\CtClsFlt.sys
22:04:07.0345 4336 CtClsFlt - ok
22:04:07.0533 4336 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:04:07.0548 4336 cvhsvc - ok
22:04:07.0611 4336 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
22:04:07.0626 4336 DcomLaunch - ok
22:04:07.0689 4336 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:04:07.0689 4336 defragsvc - ok
22:04:07.0798 4336 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
22:04:07.0798 4336 DfsC - ok
22:04:07.0876 4336 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
22:04:07.0876 4336 Dhcp - ok
22:04:07.0923 4336 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:04:07.0938 4336 discache - ok
22:04:08.0001 4336 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:04:08.0016 4336 Disk - ok
22:04:08.0047 4336 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
22:04:08.0063 4336 Dnscache - ok
22:04:08.0094 4336 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
22:04:08.0125 4336 dot3svc - ok
22:04:08.0188 4336 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
22:04:08.0203 4336 DPS - ok
22:04:08.0266 4336 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:04:08.0266 4336 drmkaud - ok
22:04:08.0344 4336 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
22:04:08.0359 4336 DXGKrnl - ok
22:04:08.0391 4336 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:04:08.0391 4336 EapHost - ok
22:04:08.0640 4336 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:04:08.0687 4336 ebdrv - ok
22:04:08.0843 4336 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
22:04:08.0843 4336 EFS - ok
22:04:08.0937 4336 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
22:04:08.0968 4336 ehRecvr - ok
22:04:08.0999 4336 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:04:09.0030 4336 ehSched - ok
22:04:09.0124 4336 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:04:09.0124 4336 elxstor - ok
22:04:09.0155 4336 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
22:04:09.0155 4336 ErrDev - ok
22:04:09.0217 4336 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:04:09.0233 4336 EventSystem - ok
22:04:09.0249 4336 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:04:09.0264 4336 exfat - ok
22:04:09.0311 4336 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:04:09.0327 4336 fastfat - ok
22:04:09.0405 4336 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
22:04:09.0405 4336 Fax - ok
22:04:09.0420 4336 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:04:09.0436 4336 fdc - ok
22:04:09.0436 4336 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:04:09.0451 4336 fdPHost - ok
22:04:09.0467 4336 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:04:09.0467 4336 FDResPub - ok
22:04:09.0498 4336 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:04:09.0498 4336 FileInfo - ok
22:04:09.0514 4336 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:04:09.0514 4336 Filetrace - ok
22:04:09.0529 4336 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:04:09.0529 4336 flpydisk - ok
22:04:09.0576 4336 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:04:09.0576 4336 FltMgr - ok
22:04:09.0670 4336 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
22:04:09.0685 4336 FontCache - ok
22:04:09.0795 4336 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:04:09.0795 4336 FontCache3.0.0.0 - ok
22:04:09.0841 4336 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:04:09.0841 4336 FsDepends - ok
22:04:09.0873 4336 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
22:04:09.0873 4336 Fs_Rec - ok
22:04:09.0951 4336 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
22:04:09.0966 4336 fvevol - ok
22:04:10.0013 4336 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:04:10.0029 4336 gagp30kx - ok
22:04:10.0138 4336 GoToAssist (80d6ea9c46904608cea146c4996a824a) C:\Program Files\Citrix\GoToAssist\822\g2aservice.exe
22:04:10.0138 4336 GoToAssist - ok
22:04:10.0231 4336 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
22:04:10.0231 4336 gpsvc - ok
22:04:10.0247 4336 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:04:10.0278 4336 hcw85cir - ok
22:04:10.0325 4336 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:04:10.0325 4336 HDAudBus - ok
22:04:10.0356 4336 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:04:10.0356 4336 HidBatt - ok
22:04:10.0387 4336 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:04:10.0387 4336 HidBth - ok
22:04:10.0450 4336 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:04:10.0450 4336 HidIr - ok
22:04:10.0465 4336 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:04:10.0481 4336 hidserv - ok
22:04:10.0543 4336 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
22:04:10.0559 4336 HidUsb - ok
22:04:10.0590 4336 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
22:04:10.0590 4336 hkmsvc - ok
22:04:10.0621 4336 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
22:04:10.0621 4336 HomeGroupListener - ok
22:04:10.0668 4336 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
22:04:10.0668 4336 HomeGroupProvider - ok
22:04:10.0699 4336 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:04:10.0699 4336 HpSAMD - ok
22:04:10.0793 4336 HsfXAudioService (bfbdbca42710795c4446c54243970fd1) C:\Windows\system32\XAudio32.dll
22:04:10.0793 4336 HsfXAudioService - ok
22:04:10.0887 4336 HSF_DPV (0cee084d6fd31836d830054e4d55dcb1) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:04:10.0902 4336 HSF_DPV - ok
22:04:10.0949 4336 HSXHWAZL (505a930db626abb3ec1e65f056551923) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:04:10.0949 4336 HSXHWAZL - ok
22:04:11.0011 4336 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
22:04:11.0027 4336 HTTP - ok
22:04:11.0043 4336 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
22:04:11.0043 4336 hwpolicy - ok
22:04:11.0121 4336 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
22:04:11.0121 4336 i8042prt - ok
22:04:11.0214 4336 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
22:04:11.0214 4336 iaStor - ok
22:04:11.0355 4336 IAStorDataMgrSvc (a9be186abf28b3d3d698cb855edf457e) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:04:11.0355 4336 IAStorDataMgrSvc - ok
22:04:11.0448 4336 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\DRIVERS\iaStorV.sys
22:04:11.0479 4336 iaStorV - ok
22:04:11.0651 4336 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:04:11.0698 4336 idsvc - ok
22:04:11.0947 4336 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120202.002\IDSVix86.sys
22:04:11.0963 4336 IDSVix86 - ok
22:04:12.0634 4336 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:04:12.0805 4336 igfx - ok
22:04:12.0977 4336 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:04:12.0977 4336 iirsp - ok
22:04:13.0071 4336 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
22:04:13.0086 4336 IKEEXT - ok
22:04:13.0133 4336 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
22:04:13.0149 4336 Impcd - ok
22:04:13.0195 4336 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
22:04:13.0195 4336 intelide - ok
22:04:13.0242 4336 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:04:13.0242 4336 intelppm - ok
22:04:13.0305 4336 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:04:13.0305 4336 IPBusEnum - ok
22:04:13.0336 4336 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:04:13.0351 4336 IpFilterDriver - ok
22:04:13.0398 4336 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
22:04:13.0414 4336 iphlpsvc - ok
22:04:13.0445 4336 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:04:13.0445 4336 IPMIDRV - ok
22:04:13.0461 4336 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:04:13.0476 4336 IPNAT - ok
22:04:13.0523 4336 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:04:13.0539 4336 IRENUM - ok
22:04:13.0570 4336 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
22:04:13.0570 4336 isapnp - ok
22:04:13.0601 4336 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
22:04:13.0648 4336 iScsiPrt - ok
22:04:13.0695 4336 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:04:13.0695 4336 kbdclass - ok
22:04:13.0757 4336 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
22:04:13.0757 4336 kbdhid - ok
22:04:13.0819 4336 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:04:13.0819 4336 KeyIso - ok
22:04:13.0835 4336 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
22:04:13.0851 4336 KSecDD - ok
22:04:13.0866 4336 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
22:04:13.0882 4336 KSecPkg - ok
22:04:13.0929 4336 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:04:13.0960 4336 KtmRm - ok
22:04:14.0022 4336 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
22:04:14.0038 4336 LanmanServer - ok
22:04:14.0069 4336 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
22:04:14.0069 4336 LanmanWorkstation - ok
22:04:14.0147 4336 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:04:14.0147 4336 lltdio - ok
22:04:14.0209 4336 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:04:14.0225 4336 lltdsvc - ok
22:04:14.0241 4336 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:04:14.0241 4336 lmhosts - ok
22:04:14.0303 4336 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:04:14.0334 4336 LSI_FC - ok
22:04:14.0350 4336 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:04:14.0350 4336 LSI_SAS - ok
22:04:14.0365 4336 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:04:14.0381 4336 LSI_SAS2 - ok
22:04:14.0397 4336 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:04:14.0397 4336 LSI_SCSI - ok
22:04:14.0443 4336 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:04:14.0443 4336 luafv - ok
22:04:14.0490 4336 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
22:04:14.0506 4336 Mcx2Svc - ok
22:04:14.0537 4336 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:04:14.0537 4336 mdmxsdk - ok
22:04:14.0568 4336 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:04:14.0568 4336 megasas - ok
22:04:14.0599 4336 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:04:14.0599 4336 MegaSR - ok
22:04:14.0646 4336 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:04:14.0646 4336 MMCSS - ok
22:04:14.0677 4336 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:04:14.0677 4336 Modem - ok
22:04:14.0740 4336 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:04:14.0740 4336 monitor - ok
22:04:14.0802 4336 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:04:14.0818 4336 mouclass - ok
22:04:14.0880 4336 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:04:14.0880 4336 mouhid - ok
22:04:14.0911 4336 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
22:04:14.0911 4336 mountmgr - ok
22:04:14.0927 4336 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
22:04:14.0927 4336 mpio - ok
22:04:14.0974 4336 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:04:14.0974 4336 mpsdrv - ok
22:04:15.0052 4336 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
22:04:15.0067 4336 MpsSvc - ok
22:04:15.0083 4336 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
22:04:15.0083 4336 MRxDAV - ok
22:04:15.0130 4336 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:04:15.0145 4336 mrxsmb - ok
22:04:15.0177 4336 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:04:15.0192 4336 mrxsmb10 - ok
22:04:15.0208 4336 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:04:15.0223 4336 mrxsmb20 - ok
22:04:15.0255 4336 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
22:04:15.0270 4336 msahci - ok
22:04:15.0301 4336 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
22:04:15.0317 4336 msdsm - ok
22:04:15.0379 4336 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:04:15.0395 4336 MSDTC - ok
22:04:15.0457 4336 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:04:15.0457 4336 Msfs - ok
22:04:15.0489 4336 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:04:15.0489 4336 mshidkmdf - ok
22:04:15.0520 4336 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
22:04:15.0520 4336 msisadrv - ok
22:04:15.0582 4336 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:04:15.0598 4336 MSiSCSI - ok
22:04:15.0598 4336 msiserver - ok
22:04:15.0660 4336 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:04:15.0660 4336 MSKSSRV - ok
22:04:15.0738 4336 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:04:15.0738 4336 MSPCLOCK - ok
22:04:15.0754 4336 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:04:15.0754 4336 MSPQM - ok
22:04:15.0785 4336 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:04:15.0801 4336 MsRPC - ok
22:04:15.0832 4336 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
22:04:15.0832 4336 mssmbios - ok
22:04:15.0847 4336 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:04:15.0847 4336 MSTEE - ok
22:04:15.0863 4336 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:04:15.0863 4336 MTConfig - ok
22:04:15.0894 4336 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:04:15.0894 4336 Mup - ok
22:04:15.0957 4336 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
22:04:15.0972 4336 napagent - ok
22:04:16.0050 4336 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:04:16.0050 4336 NativeWifiP - ok
22:04:16.0347 4336 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120509.002\NAVENG.SYS
22:04:16.0347 4336 NAVENG - ok
22:04:16.0471 4336 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120509.002\NAVEX15.SYS
22:04:16.0503 4336 NAVEX15 - ok
22:04:16.0705 4336 NDIS (1f4b318f88984545cd108bd777258924) C:\Windows\system32\drivers\ndis.sys
22:04:16.0721 4336 NDIS - ok
22:04:16.0783 4336 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:04:16.0783 4336 NdisCap - ok
22:04:16.0846 4336 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:04:16.0846 4336 NdisTapi - ok
22:04:16.0893 4336 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
22:04:16.0893 4336 Ndisuio - ok
22:04:16.0924 4336 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
22:04:16.0939 4336 NdisWan - ok
22:04:16.0955 4336 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
22:04:16.0955 4336 NDProxy - ok
22:04:17.0017 4336 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:04:17.0017 4336 NetBIOS - ok
22:04:17.0049 4336 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
22:04:17.0049 4336 NetBT - ok
22:04:17.0111 4336 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
22:04:17.0111 4336 Netlogon - ok
22:04:17.0189 4336 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:04:17.0189 4336 Netman - ok
22:04:17.0220 4336 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:04:17.0220 4336 netprofm - ok
22:04:17.0345 4336 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:04:17.0392 4336 NetTcpPortSharing - ok
22:04:17.0454 4336 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:04:17.0470 4336 nfrd960 - ok
22:04:17.0719 4336 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
22:04:17.0719 4336 NIS - ok
22:04:17.0813 4336 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
22:04:17.0813 4336 NlaSvc - ok
22:04:17.0860 4336 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:04:17.0860 4336 Npfs - ok
22:04:17.0875 4336 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:04:17.0875 4336 nsi - ok
22:04:17.0922 4336 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:04:17.0922 4336 nsiproxy - ok
22:04:18.0031 4336 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
22:04:18.0063 4336 Ntfs - ok
22:04:18.0078 4336 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:04:18.0078 4336 Null - ok
22:04:18.0109 4336 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\DRIVERS\nvraid.sys
22:04:18.0109 4336 nvraid - ok
22:04:18.0156 4336 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\DRIVERS\nvstor.sys
22:04:18.0172 4336 nvstor - ok
22:04:18.0187 4336 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
22:04:18.0187 4336 nv_agp - ok
22:04:18.0234 4336 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
22:04:18.0234 4336 ohci1394 - ok
22:04:18.0343 4336 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:04:18.0375 4336 ose - ok
22:04:18.0718 4336 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:04:18.0749 4336 osppsvc - ok
22:04:37.0126 4336 ============================================================
22:04:37.0126 4336 Scan finished
22:04:37.0126 4336 ============================================================
22:04:37.0157 5436 Detected object count: 0
22:04:37.0157 5436 Actual detected object count: 0

#13 fiery

  • Topic Starter


Posted 09 May 2012 - 09:28 PM

Combo fix log:
ComboFix 12-05-09.01 - laptop 05/09/2012 22:14:38.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2012.1042 [GMT -4:00]
Running from: c:\users\laptop\Downloads\ComboFix.exe
Command switches used :: c:\users\laptop\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 05:37 . 2012-05-09 05:38 -------- d-----w- C:\FRST
2012-05-08 22:39 . 2012-05-09 01:10 -------- d-----w- c:\users\Sina\AppData\Roaming\Skype
2012-05-06 03:54 . 2012-03-06 05:59 3971440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-06 03:54 . 2012-03-06 05:59 3915632 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-06 03:27 . 2012-05-06 03:27 -------- d-----w- c:\users\laptop\AppData\Local\CrashDumps
2012-05-06 03:06 . 2012-05-06 03:13 -------- d-----w- c:\users\laptop\AppData\Local\NPE
2012-05-04 01:31 . 2012-05-06 03:42 -------- d-----w- c:\windows\system32\DBBK
2012-05-04 00:18 . 2012-05-04 00:18 -------- d-----w- c:\users\Public\Sina
2012-05-03 22:56 . 2012-05-03 22:56 -------- d-----w- c:\users\laptop\AppData\Roaming\Malwarebytes
2012-05-03 22:56 . 2012-05-03 22:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 22:56 . 2012-05-04 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-11 09:45 . 2012-04-11 09:45 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 03:09 . 2012-02-29 03:09 0 ----a-w- c:\windows\system32\sho36D0.tmp
2012-02-15 05:44 . 2012-03-13 19:34 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 19:34 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 19:34 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:41 . 2012-03-13 19:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 19:35 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 19:35 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 19:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-21 17:18 . 2011-11-07 20:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Erica\AppData\Roaming\Skype ----
.
2012-03-29 09:57 . 2012-03-29 09:57 380928 ----a-w- c:\users\Erica\AppData\Roaming\Skype\Skype\ezbdzgg.dll
2012-02-25 22:58 . 2012-02-25 22:58 12824 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared_httpfe\queue.db-journal
2012-02-25 22:58 . 2012-02-25 22:58 36864 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared_httpfe\queue.db
2012-02-25 22:58 . 2012-02-25 22:58 0 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared_httpfe\queue.lock
2012-02-25 22:58 . 2012-02-26 01:47 1499 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared.xml
2012-02-25 22:58 . 2012-02-25 22:58 718712 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared_dynco\dc.db-journal
2012-02-25 22:58 . 2012-02-25 22:58 753664 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared_dynco\dc.db
2012-02-25 22:58 . 2012-02-25 22:58 0 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared_dynco\dc.lock
2012-02-25 22:58 . 2012-02-25 22:58 0 ----a-w- c:\users\Erica\AppData\Roaming\Skype\shared.lck
.
---- Directory of c:\users\laptop\AppData\Roaming\Skype ----
.
2012-03-01 21:18 . 2012-03-01 21:18 12824 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared_httpfe\queue.db-journal
2012-03-01 21:18 . 2012-03-01 21:18 36864 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared_httpfe\queue.db
2012-03-01 21:18 . 2012-03-01 21:18 0 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared_httpfe\queue.lock
2012-03-01 21:18 . 2012-05-10 01:13 1820 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared.xml
2012-03-01 21:18 . 2012-05-10 01:17 718712 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared_dynco\dc.db-journal
2012-03-01 21:18 . 2012-05-10 01:17 753664 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared_dynco\dc.db
2012-03-01 21:18 . 2012-03-01 21:18 0 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared_dynco\dc.lock
2012-03-01 21:18 . 2012-03-01 21:18 0 ----a-w- c:\users\laptop\AppData\Roaming\Skype\shared.lck
.
---- Directory of c:\users\RJ\AppData\Roaming\Skype ----
.
.
---- Directory of c:\users\Sina\AppData\Roaming\Skype ----
.
.
---- Directory of c:\users\Will\AppData\Roaming\Skype ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-24 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-24 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-24 170520]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-03-01 21:32 13672 ----a-w- c:\program files\Citrix\GoToAssist\822\g2awinlogon.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-07 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\SYMDS.SYS [2012-03-29 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\SYMEFA.SYS [2012-03-29 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120402.001\BHDrvx86.sys [2012-04-04 821880]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccSetx86.sys [2011-11-29 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120202.002\IDSVix86.sys [2012-03-29 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\Ironx86.SYS [2012-03-29 149624]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NIS\1307000.009\SYMNETS.SYS [2012-03-29 318584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 147392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11567808
*NewlyCreated* - BHDRVX86
*NewlyCreated* - CCSET_NIS
*NewlyCreated* - EECTRL
*NewlyCreated* - IDSVIX86
*NewlyCreated* - NAVENG
*NewlyCreated* - NAVEX15
*NewlyCreated* - SRTSP
*NewlyCreated* - SRTSPX
*NewlyCreated* - SYMDS
*NewlyCreated* - SYMEFA
*NewlyCreated* - SYMIRON
*NewlyCreated* - SYMNETS
*Deregistered* - 11567808
*Deregistered* - EraserUtilDrv11122
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\bthx9005.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-09 22:25:57
ComboFix-quarantined-files.txt 2012-05-10 02:25
ComboFix2.txt 2012-05-10 01:37
.
Pre-Run: 124,271,308,800 bytes free
Post-Run: 124,238,839,808 bytes free
.
- - End Of File - - 41F5A455FFECA51537245076A5093313

#14 CatByte


Posted 10 May 2012 - 07:12 PM

Hi,

Please run the following:

(you may need to show hidden files and folders)

Submit a file to VirusTotal for analysis:
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right-hand panel, click on the file c:\users\Erica\AppData\Roaming\Skype\Skype\ezbdzgg.dll, then click the Open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", then wait for the results.
  • If you get a message saying "File has already been analyzed", click "Reanalyze file now".
  • Once scanned, copy and paste the link to the results page in your next reply.


To show hidden files and folders:

  • Close all programs so that you are at your desktop.
  • Open the Control Panel, switch to classic view, then click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.


#15 fiery


Posted 10 May 2012 - 08:14 PM

Well, I'd like to do that, but I can't. I unhid the files, clicked open, it disappeared and Norton popped up with a message that it had detected a Trojan horse and removed it. Here's the Norton message:

Full Path: c:\users\erica\appdata\roaming\skype\skype\ezbdzgg.dll
Threat: Trojan Horse
____________________________
____________________________
On computers as of Not Available
Last Used 5/10/2012 at 9:10:11 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________

____________________________
File Actions
File: c:\users\erica\appdata\roaming\skype\skype\ezbdzgg.dll
Removed
____________________________
File Thumbprint - SHA:
ac949b0a645d0dd7fce282b6467fce10418cdedcaeb8337f23b437150069b826
____________________________
File Thumbprint - MD5:
c8e9674ef26b677ea8d4a9bea7bd8480
____________________________
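
The file Norton removed was a DLL inside a Skype profile folder under AppData\Roaming, where the ComboFix listing earlier in this thread shows only data files. As an added example (not part of the original posts and not a tool used in this thread), the Python below parses listing lines in that format and flags code files sitting in per-user data folders; the extension and folder lists are assumptions, and the ezbdzgg.dll log line is constructed.

```python
import re
from pathlib import PureWindowsPath

# ComboFix file-listing entry: created . modified  size  attributes  path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+)\s+([-a-z]{8})\s+([A-Za-z]:\\.+)$"
)

# Assumptions for triage: which extensions count as code, which folders are user data.
CODE_EXTENSIONS = {".dll", ".exe", ".sys", ".scr", ".com"}
USER_DATA_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

# Four entries copied from the log above; the ezbdzgg.dll entry is constructed
# (its timestamps and size are made up, only the path comes from the thread).
SAMPLE_LOG = r"""
2012-02-04 14:00 . 2012-02-04 14:00 1544 ----a-w- c:\users\Will\AppData\Roaming\Skype\temp-Y1z7mWWeT0sciOq2zQb1aMTk
2012-02-04 00:18 . 2012-02-04 00:18 310051 ----a-w- c:\users\Will\AppData\Roaming\Skype\Pictures\Picture of me 2.png
2012-02-04 00:16 . 2012-05-01 19:17 45056 ----a-w- c:\users\Will\AppData\Roaming\Skype\dontlookthatway\dc.db
2012-02-04 00:15 . 2012-05-08 22:36 59005 ----a-w- c:\users\Will\AppData\Roaming\Skype\shared.xml
2012-01-01 00:00 . 2012-01-01 00:00 100000 ----a-w- c:\users\Erica\AppData\Roaming\Skype\Skype\ezbdzgg.dll
.
"""

def parse_entries(log_text):
    """Return one dict per file-listing line; separator lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            created, modified, size, attrs, path = match.groups()
            entries.append({"created": created, "modified": modified,
                            "size": int(size), "attrs": attrs, "path": path})
    return entries

def flag_code_in_user_data(entries):
    """Return paths of code files that sit inside per-user data folders."""
    flagged = []
    for entry in entries:
        lowered = entry["path"].lower()
        suffix = PureWindowsPath(lowered).suffix
        if suffix in CODE_EXTENSIONS and any(d in lowered for d in USER_DATA_DIRS):
            flagged.append(entry["path"])
    return flagged

if __name__ == "__main__":
    for path in flag_code_in_user_data(parse_entries(SAMPLE_LOG)):
        print("review:", path)
```

A flagged path is only a candidate for review; legitimate software also installs code under AppData, so each hit still needs a scan or hash lookup before any removal.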



