
Infected w/ rootkit?


13 replies to this topic

#1 JudgeGoodwin

JudgeGoodwin

  • Members
  • 13 posts

Posted 12 February 2012 - 09:29 PM

Here is a link to the original thread. Broni (patiently) walked me through to this point.

My link


Toshiba laptop running 64 bit Windows 7 HP. AV is NIS 2012. Symptoms and attributes of the infection are: Changes in registry, services, user acct control, security settings, scan exclusions, and default programs. Unusual activity in several programs, especially Windows Live sending out my personal files and pictures. I don't use Live and it even reinstalled itself after I deleted the program (Not 'sent to recycle bin' deleted,.....control panel 'remove programs' deleted). A lot of activity with remote desktop/registry as well. Access denied to a lot of insignificant folders, i.e. recycle bin, public documents, media...

Actions taken to date:

MalwareBytes
MBSA
SuperAntiSpyware
Security Check
HiJack This
ListParts64 by Farbar
MiniToolbox
aswMBR
Fport
CD emulation disabled with DeFogger
...some crying
...moderate cursing.

Here is the DDS log: (Not sure if it matters, but the 3M section at the end of the log is dated 11-17-11. I wiped/reinstalled on 1/27/12.)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by JD at 19:21:06 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1586 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\system32\dllhost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\locator.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\MalwareBAM\mbamservice.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MalwareBAM\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit=userinit.exe
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\MalwareBAM\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1A6EBE70-C785-45CD-95A6-2DA013947CA4} : DhcpNameServer = 192.168.1.254
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\MalwareBAM\mbamgui.exe" /starttray
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\xdbj7fhc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-10 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Dokan;Dokan;\??\C:\windows\system32\drivers\dokan.sys --> C:\windows\system32\drivers\dokan.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\MalwareBAM\mbamservice.exe [2012-2-12 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-2-2 138248]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2010-7-5 11776]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-1-26 51576]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
.
=============== Created Last 30 ================
.
2012-02-12 21:55:13 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-02-12 21:55:13 -------- d-----w- C:\Program Files (x86)\MalwareBAM
2012-02-12 09:23:32 -------- d-----w- C:\Users\JD\AppData\Roaming\SUPERAntiSpyware.com
2012-02-12 09:22:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-12 09:22:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-12 05:07:08 388096 ----a-r- C:\Users\JD\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-12 05:07:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-10 02:26:40 -------- d-----w- C:\Program Files (x86)\HP
2012-02-10 02:25:33 -------- d-----w- C:\Program Files\HP
2012-02-10 02:24:39 -------- d-----w- C:\Users\JD\AppData\Local\HP
2012-02-07 05:47:54 -------- d-----w- C:\Program Files (x86)\stinger
2012-02-06 13:10:40 -------- d-----w- C:\Users\JD\AppData\Local\Microsoft_Corporation
2012-02-06 08:10:38 -------- d-----w- C:\Users\JD\SecurityScans
2012-02-06 08:09:20 -------- d-----w- C:\Program Files\MBSA 2
2012-02-05 07:13:11 43640 ----a-r- C:\windows\System32\drivers\SymIMV.sys
2012-02-05 00:48:48 -------- d-----w- C:\windows\pss
2012-02-04 08:08:31 -------- d-----w- C:\Program Files (x86)\Common Files\L&H
2012-02-03 22:21:06 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2012-02-03 06:57:51 -------- d-----w- C:\Users\JD\AppData\Roaming\Malwarebytes
2012-02-03 06:57:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-03 05:52:41 738936 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\srtsp64.sys
2012-02-03 05:52:41 451192 ----a-r- C:\windows\System32\drivers\NISx64\1305000.091\symds64.sys
2012-02-03 05:52:41 405624 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\symnets.sys
2012-02-03 05:52:41 37496 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\srtspx64.sys
2012-02-03 05:52:41 190072 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\ironx64.sys
2012-02-03 05:52:41 1092728 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\symefa64.sys
2012-02-03 05:52:40 167048 ----a-w- C:\windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys
2012-02-03 05:52:10 -------- d-----w- C:\windows\System32\drivers\NISx64\1305000.091
2012-02-03 05:10:28 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-03 05:10:28 -------- d-----w- C:\Program Files\Symantec
2012-02-03 05:10:28 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-02-03 05:09:38 -------- d-----w- C:\windows\System32\drivers\NISx64
2012-02-03 05:09:35 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-02-03 05:09:03 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-02-01 18:43:49 -------- d-----w- C:\193fddf87a7d97eb4248
2012-02-01 18:31:15 -------- d-----w- C:\Users\JD\.shsh2
2012-02-01 12:01:44 -------- d-----w- C:\Users\JD\.shsh
2012-02-01 07:43:52 -------- d-----w- C:\Users\JD\AppData\Roaming\redsn0w
2012-02-01 07:23:44 18944 ----a-r- C:\Users\JD\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-02-01 07:22:31 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2012-02-01 06:50:43 -------- d-----w- C:\ProgramData\Conexant
2012-02-01 06:50:40 -------- d-----w- C:\Users\JD\AppData\Local\Conexant
2012-02-01 06:29:24 -------- d-----w- C:\Users\JD\AppData\Local\NPE
2012-01-31 07:20:19 -------- d-----w- C:\Users\JD\AppData\Local\CrashDumps
2012-01-31 03:44:45 -------- d-----w- C:\Users\JD\AppData\Local\Macroplant_LLC
2012-01-31 03:40:46 -------- d-----w- C:\Program Files (x86)\Dokan
2012-01-31 03:40:03 -------- d-----w- C:\Program Files (x86)\Phone Disk
2012-01-31 03:35:04 -------- d-----w- C:\Users\JD\AppData\Local\Macroplant
2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-31 02:52:47 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 01:56:50 -------- d-----w- C:\Program Files (x86)\iExplorer
2012-01-30 06:34:45 -------- d-----w- C:\8a5a96a04c289b63700637
2012-01-29 06:42:14 -------- d-----w- C:\Users\JD\AppData\Local\Adobe
2012-01-29 06:23:55 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-29 06:09:22 -------- d-----w- C:\Users\JD\AppData\Roaming\Tific
2012-01-29 06:09:09 -------- d-----w- C:\Users\JD\AppData\Local\Symantec
2012-01-28 22:46:34 -------- d-----w- C:\Users\JD\AppData\Local\TOSHIBA_Corporation
2012-01-28 20:38:07 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2012-01-27 19:53:16 -------- d-----w- C:\Users\JD\AppData\Local\ElevatedDiagnostics
2012-01-27 19:08:36 -------- d-----w- C:\windows\SysWow64\Wat
2012-01-27 19:08:36 -------- d-----w- C:\windows\System32\Wat
2012-01-27 12:33:02 -------- d-----w- C:\Users\JD\AppData\Roaming\Mael
2012-01-27 12:19:46 -------- d-----w- C:\Program Files (x86)\HxD
2012-01-27 10:47:47 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-01-27 10:46:56 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-01-27 10:45:42 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-01-27 10:45:42 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-27 10:45:40 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-01-27 10:45:39 5561216 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-01-27 10:45:38 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-01-27 10:41:55 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-27 10:41:55 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-27 09:23:46 -------- d-----w- C:\Users\JD\AppData\Roaming\MobileSyncBrowser
2012-01-27 09:03:20 -------- d-----w- C:\Program Files (x86)\MobileSyncBrowser
2012-01-27 07:10:33 -------- d-----w- C:\Users\JD\AppData\Local\Apple Computer
2012-01-27 07:10:14 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-01-27 07:10:14 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-01-27 07:10:14 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-01-27 07:09:27 -------- d-----w- C:\Program Files\iPod
2012-01-27 07:09:26 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-27 07:09:26 -------- d-----w- C:\Program Files\iTunes
2012-01-27 07:09:26 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-27 07:07:30 -------- d-----w- C:\Users\JD\AppData\Local\Apple
2012-01-27 07:06:27 -------- d-----w- C:\Program Files\Bonjour
2012-01-27 07:06:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-27 05:08:06 27784 ----a-w- C:\windows\System32\drivers\tdcmdpst.sys
2012-01-27 05:06:23 -------- d-----w- C:\Program Files (x86)\Toshiba Online Backup
2012-01-27 05:05:23 138656 ----a-w- C:\windows\System32\TODDSrv.exe
2012-01-27 05:05:07 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation
2012-01-27 05:02:44 -------- d-----w- C:\Users\JD\AppData\Local\Diagnostics
2012-01-27 04:59:20 -------- d-----w- C:\ProgramData\WildTangent
2012-01-27 04:59:20 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games
2012-01-27 04:55:35 -------- d--h--w- C:\windows\msdownld.tmp
2012-01-27 04:54:13 -------- d-----w- C:\ProgramData\Norton
2012-01-27 04:53:14 -------- d-----w- C:\ProgramData\NortonInstaller
2012-01-27 04:47:46 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2012-01-27 04:47:46 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2012-01-27 04:44:22 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2012-01-27 04:41:02 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2012-01-27 04:41:02 152848 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2012-01-27 04:41:02 1351392 ----a-w- C:\windows\SysWow64\COMCTL32.OCX
2012-01-27 04:41:02 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx
2012-01-27 04:41:01 9216 ----a-w- C:\windows\System32\drivers\FwLnk.sys
2012-01-27 04:41:00 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-01-27 04:41:00 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-01-27 04:41:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-01-27 04:41:00 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-01-27 04:41:00 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-01-27 04:39:59 469264 ----a-w- C:\windows\System32\d3dx10.dll
2012-01-27 04:35:16 -------- d-----w- C:\Users\JD\AppData\Local\Google
2012-01-27 04:35:13 626792 ----a-w- C:\windows\System32\drivers\rtl819xp.sys
2012-01-27 04:35:13 450048 ----a-w- C:\windows\System32\drivers\rtl8187B.sys
2012-01-27 04:35:13 442368 ----a-w- C:\windows\System32\drivers\rtl8187Se.sys
2012-01-27 04:35:13 1221224 ----a-w- C:\windows\System32\drivers\rtl8192se.sys
2012-01-27 04:35:13 1109096 ----a-w- C:\windows\System32\drivers\rtl8192ce.sys
2012-01-27 04:35:11 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe
2012-01-27 04:35:11 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2012-01-27 04:34:17 -------- d-----w- C:\Program Files\Elantech
2012-01-27 04:33:18 -------- d-----w- C:\windows\SysWow64\sda
2012-01-27 04:33:06 243712 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2012-01-27 04:33:05 9112168 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2012-01-27 04:33:05 422504 ----a-w- C:\windows\System32\RtsUStor.dll
2012-01-27 04:33:05 -------- d-----w- C:\Program Files (x86)\Realtek
2012-01-27 04:33:02 -------- d-----w- C:\Users\JD\AppData\Local\Toshiba
2012-01-27 04:33:00 -------- d-----w- C:\Users\JD\AppData\Local\ATI
2012-01-27 04:32:02 -------- d-----w- C:\Users\JD\AppData\Local\VirtualStore
2012-01-27 04:31:27 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2012-01-27 04:30:42 -------- d-----w- C:\Users\JD\AppData\Roaming\WinBatch
2012-01-27 04:30:21 -------- d-----w- C:\Program Files\CONEXANT
2012-01-27 04:28:35 0 ----a-w- C:\windows\ativpsrm.bin
2012-01-27 04:27:25 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-01-27 04:27:25 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-01-27 04:22:48 -------- d-----w- C:\Program Files\ATI
2012-01-27 04:22:40 75904 ----a-w- C:\windows\System32\drivers\amd_sata.sys
2012-01-27 04:22:40 38016 ----a-w- C:\windows\System32\drivers\amd_xata.sys
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 19:22:40.71 ===============



#2 JudgeGoodwin

JudgeGoodwin
  • Topic Starter

  • Members
  • 13 posts

Posted 12 February 2012 - 10:25 PM

It was suggested that I post aswMBR and ListParts logs in addition to the DDR/Attach scan results.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 16:28:29
-----------------------------
16:28:29.056 OS Version: Windows x64 6.1.7601 Service Pack 1
16:28:29.056 Number of processors: 2 586 0x100
16:28:29.056 ComputerName: LAPTOP UserName: JD
16:28:31.427 Initialize success
16:32:25.379 AVAST engine defs: 12021201
16:33:03.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:33:03.490 Disk 0 Vendor: TOSHIBA_MK3265GSXN GH101M Size: 305245MB BusType: 3
16:33:03.505 Disk 0 MBR read successfully
16:33:03.521 Disk 0 MBR scan
16:33:03.583 Disk 0 Windows VISTA default MBR code
16:33:03.599 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:33:03.630 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
16:33:03.677 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
16:33:03.708 Service scanning
16:33:06.438 Modules scanning
16:33:06.454 Disk 0 trace - called modules:
16:33:06.516 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:33:06.532 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002eb4430]
16:33:06.563 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80029f5060]
16:33:07.905 AVAST engine scan C:\windows
16:33:10.307 AVAST engine scan C:\windows\system32
16:38:23.041 AVAST engine scan C:\windows\system32\drivers
16:38:45.333 AVAST engine scan C:\Users\JD
16:39:19.903 Disk 0 MBR has been saved successfully to "C:\Users\JD\Downloads\MBR.dat"
16:39:19.934 The log file has been saved successfully to "C:\Users\JD\Downloads\aswMBR.txt"
16:49:40.883 AVAST engine scan C:\ProgramData
16:50:45.639 Scan finished successfully
16:51:04.187 Disk 0 MBR has been saved successfully to "C:\Users\JD\Downloads\MBR.dat"
16:51:04.218 The log file has been saved successfully to "C:\Users\JD\Downloads\aswMBR.txt"



_____________________________________________________________________________________________________________



ListParts by Farbar
Ran by JD on 12-02-2012 at 18:41:36
Windows 7 (X64)
Running From: C:\Users\JD\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 42%
Total physical RAM: 2662.87 MB
Available physical RAM: 1540.07 MB
Total Pagefile: 5323.93 MB
Available Pagefile: 3806.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:241.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 285 GB 1501 MB
Partition 3 Primary 11 GB 286 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106147W0C NTFS Partition 285 GB Healthy Boot

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.



****** End Of Log ******

#3 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 17 February 2012 - 01:37 PM

Hello JudgeGoodwin and welcome to BC.

Sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 JudgeGoodwin

JudgeGoodwin
  • Topic Starter

  • Members
  • 13 posts

Posted 18 February 2012 - 05:26 PM

Yes. I was just waiting patiently. What's next?

#5 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 19 February 2012 - 07:53 AM

Hi JudgeGoodwin and thank you for your patience.


Step 1: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



Step 2: Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp



#6 JudgeGoodwin

JudgeGoodwin
  • Topic Starter

  • Members
  • 13 posts

Posted 19 February 2012 - 07:20 PM

Thanks Semp. Look forward to hearing back. Judge



16:57:03.0498 1960 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
16:57:03.0502 1960 vdrvroot - ok
16:57:03.0622 1960 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
16:57:03.0627 1960 vga - ok
16:57:03.0659 1960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
16:57:03.0677 1960 VgaSave - ok
16:57:03.0773 1960 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
16:57:03.0781 1960 vhdmp - ok
16:57:03.0815 1960 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
16:57:03.0819 1960 viaide - ok
16:57:03.0907 1960 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
16:57:03.0912 1960 volmgr - ok
16:57:03.0945 1960 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
16:57:03.0969 1960 volmgrx - ok
16:57:04.0067 1960 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
16:57:04.0076 1960 volsnap - ok
16:57:04.0174 1960 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
16:57:04.0181 1960 vsmraid - ok
16:57:04.0224 1960 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
16:57:04.0228 1960 vwifibus - ok
16:57:04.0331 1960 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
16:57:04.0336 1960 vwififlt - ok
16:57:04.0434 1960 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
16:57:04.0438 1960 vwifimp - ok
16:57:04.0551 1960 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
16:57:04.0556 1960 WacomPen - ok
16:57:04.0657 1960 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:57:04.0662 1960 WANARP - ok
16:57:04.0678 1960 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:57:04.0680 1960 Wanarpv6 - ok
16:57:04.0845 1960 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
16:57:04.0850 1960 Wd - ok
16:57:04.0917 1960 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
16:57:04.0933 1960 Wdf01000 - ok
16:57:05.0169 1960 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
16:57:05.0173 1960 WfpLwf - ok
16:57:05.0207 1960 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
16:57:05.0212 1960 WIMMount - ok
16:57:05.0364 1960 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
16:57:05.0367 1960 WinUsb - ok
16:57:05.0454 1960 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
16:57:05.0459 1960 WmiAcpi - ok
16:57:05.0604 1960 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
16:57:05.0609 1960 ws2ifsl - ok
16:57:05.0661 1960 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
16:57:05.0666 1960 WudfPf - ok
16:57:05.0759 1960 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
16:57:05.0765 1960 WUDFRd - ok
16:57:05.0843 1960 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
16:57:05.0928 1960 \Device\Harddisk0\DR0 - ok
16:57:05.0946 1960 Boot (0x1200) (44d2518fb974a5119acf695ed6558360) \Device\Harddisk0\DR0\Partition0
16:57:05.0948 1960 \Device\Harddisk0\DR0\Partition0 - ok
16:57:05.0950 1960 ============================================================
16:57:05.0950 1960 Scan finished
16:57:05.0950 1960 ============================================================
16:57:05.0982 3980 Detected object count: 0
16:57:05.0982 3980 Actual detected object count: 0
16:59:55.0283 2556 ============================================================
16:59:55.0283 2556 Scan started
16:59:55.0283 2556 Mode: Manual; SigCheck; TDLFS;
16:59:55.0283 2556 ============================================================
17:00:30.0163 2556 swenum - ok
17:00:30.0333 2556 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
17:00:30.0381 2556 SymDS - ok
17:00:30.0707 2556 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
17:00:30.0781 2556 SymEFA - ok
17:00:31.0099 2556 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
17:00:31.0146 2556 SymEvent - ok
17:00:31.0198 2556 SymIM (b681d1b0f9596684225dcc9b94c6bacf) C:\windows\system32\DRIVERS\SymIMv.sys
17:00:31.0225 2556 SymIM - ok
17:00:32.0185 2556 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
17:00:32.0219 2556 SymIRON - ok
17:00:32.0797 2556 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
17:00:32.0839 2556 SymNetS - ok
17:00:33.0122 2556 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
17:00:33.0236 2556 Tcpip - ok
17:00:33.0499 2556 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
17:00:33.0608 2556 TCPIP6 - ok
17:00:33.0703 2556 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
17:00:33.0831 2556 tcpipreg - ok
17:00:33.0946 2556 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
17:00:33.0975 2556 tdcmdpst - ok
17:00:34.0027 2556 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
17:00:34.0149 2556 TDPIPE - ok
17:00:34.0237 2556 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
17:00:34.0380 2556 TDTCP - ok
17:00:34.0453 2556 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
17:00:34.0563 2556 tdx - ok
17:00:34.0681 2556 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
17:00:34.0714 2556 TermDD - ok
17:00:34.0824 2556 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
17:00:34.0965 2556 tssecsrv - ok
17:00:35.0000 2556 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
17:00:35.0073 2556 TsUsbFlt - ok
17:00:35.0157 2556 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
17:00:35.0224 2556 TsUsbGD - ok
17:00:35.0263 2556 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
17:00:35.0394 2556 tunnel - ok
17:00:35.0482 2556 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:00:35.0509 2556 TVALZ - ok
17:00:35.0594 2556 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
17:00:35.0628 2556 uagp35 - ok
17:00:35.0660 2556 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
17:00:35.0794 2556 udfs - ok
17:00:35.0903 2556 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
17:00:35.0938 2556 uliagpkx - ok
17:00:35.0975 2556 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
17:00:36.0032 2556 umbus - ok
17:00:36.0115 2556 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
17:00:36.0182 2556 UmPass - ok
17:00:36.0372 2556 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
17:00:36.0499 2556 USBAAPL64 - ok
17:00:36.0614 2556 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
17:00:36.0669 2556 usbccgp - ok
17:00:36.0765 2556 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
17:00:36.0838 2556 usbcir - ok
17:00:36.0929 2556 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
17:00:36.0991 2556 usbehci - ok
17:00:37.0103 2556 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
17:00:37.0153 2556 usbhub - ok
17:00:37.0246 2556 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
17:00:37.0303 2556 usbohci - ok
17:00:37.0397 2556 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
17:00:37.0468 2556 usbprint - ok
17:00:37.0519 2556 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
17:00:37.0589 2556 usbscan - ok
17:00:37.0685 2556 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS
17:00:37.0762 2556 USBSTOR - ok
17:00:37.0854 2556 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
17:00:37.0914 2556 usbuhci - ok
17:00:38.0013 2556 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
17:00:38.0067 2556 usbvideo - ok
17:00:38.0164 2556 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
17:00:38.0198 2556 vdrvroot - ok
17:00:38.0263 2556 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
17:00:38.0312 2556 vga - ok
17:00:38.0400 2556 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
17:00:38.0523 2556 VgaSave - ok
17:00:38.0615 2556 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
17:00:38.0654 2556 vhdmp - ok
17:00:38.0745 2556 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
17:00:38.0777 2556 viaide - ok
17:00:38.0803 2556 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
17:00:38.0837 2556 volmgr - ok
17:00:38.0931 2556 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
17:00:38.0978 2556 volmgrx - ok
17:00:39.0075 2556 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
17:00:39.0121 2556 volsnap - ok
17:00:39.0159 2556 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
17:00:39.0200 2556 vsmraid - ok
17:00:39.0254 2556 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
17:00:39.0321 2556 vwifibus - ok
17:00:39.0406 2556 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
17:00:39.0484 2556 vwififlt - ok
17:00:39.0576 2556 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
17:00:39.0633 2556 vwifimp - ok
17:00:39.0681 2556 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
17:00:39.0744 2556 WacomPen - ok
17:00:39.0831 2556 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:00:39.0955 2556 WANARP - ok
17:00:39.0967 2556 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:00:40.0075 2556 Wanarpv6 - ok
17:00:40.0353 2556 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
17:00:40.0384 2556 Wd - ok
17:00:40.0469 2556 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
17:00:40.0527 2556 Wdf01000 - ok
17:00:40.0632 2556 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
17:00:40.0740 2556 WfpLwf - ok
17:00:40.0793 2556 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
17:00:40.0825 2556 WIMMount - ok
17:00:40.0950 2556 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
17:00:41.0013 2556 WinUsb - ok
17:00:41.0129 2556 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
17:00:41.0171 2556 WmiAcpi - ok
17:00:41.0257 2556 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
17:00:41.0372 2556 ws2ifsl - ok
17:00:41.0501 2556 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
17:00:41.0630 2556 WudfPf - ok
17:00:41.0733 2556 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
17:00:41.0860 2556 WUDFRd - ok
17:00:41.0929 2556 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:00:42.0110 2556 \Device\Harddisk0\DR0 - ok
17:00:42.0143 2556 Boot (0x1200) (44d2518fb974a5119acf695ed6558360) \Device\Harddisk0\DR0\Partition0
17:00:42.0146 2556 \Device\Harddisk0\DR0\Partition0 - ok
17:00:42.0147 2556 ============================================================
17:00:42.0147 2556 Scan finished
17:00:42.0147 2556 ============================================================
17:00:42.0181 3136 Detected object count: 0
17:00:42.0181 3136 Actual detected object count: 0
17:04:23.0688 4084 Deinitialize success

#7 JudgeGoodwin

Posted 19 February 2012 - 07:23 PM

Here are the OTL logs. Should I zip these up and add as attachments, or copy/paste like I've been doing? Thanks

OTL logfile created on: 2/19/2012 5:07:31 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\JD\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 62.13% Memory free
5.20 Gb Paging File | 3.81 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 230.79 Gb Free Space | 80.90% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/19 17:01:48 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\MalwareBAM\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\MalwareBAM\mbamgui.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 17:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/02/10 14:52:04 | 000,203,776 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 16:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\MalwareBAM\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2010/07/05 06:37:08 | 000,011,776 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010/07/01 12:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/16 01:27:29 | 000,029,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/02/02 23:52:56 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/23 20:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 20:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/11/23 19:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 19:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 21:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 21:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 17:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/25 20:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 14:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/10 15:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/10 14:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/05 19:29:12 | 000,106,888 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/02/14 15:48:30 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120218.008\EX64.SYS -- (NAVEX15)
DRV - [2012/02/14 15:48:30 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120218.008\ENG64.SYS -- (NAVENG)
DRV - [2012/02/05 01:11:16 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 02:16:47 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/02 16:11:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120217.003\IDSviA64.sys -- (IDSVia64)
DRV - [2012/01/21 02:27:16 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2522353724-1108262737-1939404361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2522353724-1108262737-1939404361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2522353724-1108262737-1939404361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/14 09:43:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/19 13:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/19 13:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/27 00:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions
[2012/02/10 02:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\xdbj7fhc.default\extensions
[2012/02/10 03:12:06 | 000,002,470 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\xdbj7fhc.default\searchplugins\safesearch.xml
[2012/02/14 11:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBJ7FHC.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\JD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDBJ7FHC.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
[2012/02/19 13:45:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/08 11:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 11:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/02 01:35:28 | 000,000,877 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2522353724-1108262737-1939404361-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll File not found
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe File not found
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\MalwareBAM\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2522353724-1108262737-1939404361-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A6EBE70-C785-45CD-95A6-2DA013947CA4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 17:01:48 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2012/02/19 16:50:43 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\RedTSkills
[2012/02/19 16:34:47 | 000,000,000 | R--D | C] -- C:\Users\JD\Documents\Notes
[2012/02/18 20:03:38 | 000,000,000 | -HSD | C] -- C:\Users\JD\Desktop\JD
[2012/02/18 16:18:39 | 000,000,000 | -HSD | C] -- C:\Users\JD\JD
[2012/02/18 08:07:20 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\JD
[2012/02/18 04:25:47 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\JD
[2012/02/16 05:45:06 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Apps
[2012/02/16 00:18:08 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Big D
[2012/02/15 22:32:01 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/02/15 22:31:50 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/02/15 22:31:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/02/15 22:31:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/02/15 22:31:49 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/02/15 22:31:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/02/15 22:31:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/02/15 22:31:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/02/15 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\VOWSoft
[2012/02/15 20:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOWSoft iPod Software
[2012/02/15 20:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOWSoft iPod Software
[2012/02/13 18:04:06 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\New folder
[2012/02/12 15:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareBAM
[2012/02/12 15:55:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/02/12 15:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MalwareBAM
[2012/02/12 03:23:32 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/12 03:22:27 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/12 03:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/12 03:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/11 23:07:08 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/11 23:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/10 02:07:15 | 000,000,000 | --SD | C] -- C:\Users\JD\Documents\My Data Sources
[2012/02/09 20:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/02/09 20:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/02/09 20:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/02/09 20:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/09 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\HP
[2012/02/09 01:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/02/09 01:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/02/09 01:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/02/06 23:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/02/06 08:28:53 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\GMER
[2012/02/06 07:23:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JD\Desktop\dds.scr
[2012/02/06 07:10:40 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Microsoft_Corporation
[2012/02/06 02:10:38 | 000,000,000 | ---D | C] -- C:\Users\JD\SecurityScans
[2012/02/06 02:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\MBSA 2
[2012/02/05 01:13:11 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SymIMV.sys
[2012/02/04 18:48:48 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/02/04 02:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2012/02/04 00:53:14 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\LocaleMetaData
[2012/02/03 16:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/02/03 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/02/03 16:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012/02/03 00:57:51 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Malwarebytes
[2012/02/03 00:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/02 23:52:41 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys
[2012/02/02 23:52:41 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys
[2012/02/02 23:52:41 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds64.sys
[2012/02/02 23:52:41 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnets.sys
[2012/02/02 23:52:41 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys
[2012/02/02 23:52:41 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys
[2012/02/02 23:52:40 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys
[2012/02/02 23:52:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1305000.091
[2012/02/02 23:10:28 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/02 23:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/02 23:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/02 23:09:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2012/02/02 23:09:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/02/02 23:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/02/02 23:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/02/02 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\sevntx64
[2012/02/02 00:18:53 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Pwnage
[2012/02/01 15:47:41 | 000,000,000 | R--D | C] -- C:\Users\JD\Desktop\symimi64
[2012/02/01 14:41:36 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\Symantec
[2012/02/01 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/02/01 12:43:49 | 000,000,000 | ---D | C] -- C:\193fddf87a7d97eb4248
[2012/02/01 12:31:15 | 000,000,000 | ---D | C] -- C:\Users\JD\.shsh2
[2012/02/01 06:01:44 | 000,000,000 | ---D | C] -- C:\Users\JD\.shsh
[2012/02/01 04:28:31 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\iPhone
[2012/02/01 01:43:52 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\redsn0w
[2012/02/01 01:22:35 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/02/01 01:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/02/01 01:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/02/01 00:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012/02/01 00:50:40 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Conexant
[2012/02/01 00:29:24 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\NPE
[2012/01/31 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\GovCharters
[2012/01/31 01:20:19 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\CrashDumps
[2012/01/31 00:53:43 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\iPhone-Export-ADG
[2012/01/30 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Macroplant_LLC
[2012/01/30 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dokan
[2012/01/30 21:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phone Disk
[2012/01/30 21:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phone Disk
[2012/01/30 21:35:04 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Macroplant
[2012/01/30 21:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/30 21:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/01/30 20:52:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/30 20:52:21 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/01/30 19:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2012/01/30 19:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2012/01/30 18:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PuTTY
[2012/01/30 00:34:45 | 000,000,000 | ---D | C] -- C:\8a5a96a04c289b63700637
[2012/01/29 20:56:56 | 052,128,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2012/01/29 13:02:55 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/01/29 13:02:55 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/01/29 13:02:55 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/01/29 13:02:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/01/29 13:02:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/01/29 13:02:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/01/29 00:42:14 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Adobe
[2012/01/29 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/01/29 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\datafiles
[2012/01/29 00:18:58 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2012/01/29 00:18:58 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2012/01/29 00:18:48 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2012/01/29 00:18:47 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2012/01/29 00:18:47 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2012/01/29 00:18:47 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys
[2012/01/29 00:18:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsutil.exe
[2012/01/29 00:18:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fsutil.exe
[2012/01/29 00:18:47 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys
[2012/01/29 00:09:22 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Tific
[2012/01/29 00:09:09 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Symantec
[2012/01/28 16:46:34 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\TOSHIBA_Corporation
[2012/01/28 14:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/01/27 13:53:16 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\ElevatedDiagnostics
[2012/01/27 13:08:36 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/01/27 13:08:36 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/01/27 06:33:02 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Mael
[2012/01/27 06:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2012/01/27 06:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2012/01/27 04:48:48 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
[2012/01/27 04:48:46 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll
[2012/01/27 04:48:45 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll
[2012/01/27 04:48:45 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll
[2012/01/27 04:48:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll
[2012/01/27 04:48:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll
[2012/01/27 04:48:45 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll
[2012/01/27 04:48:45 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll
[2012/01/27 04:48:45 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll
[2012/01/27 04:48:45 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll
[2012/01/27 04:48:38 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2012/01/27 04:48:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2012/01/27 04:48:36 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2012/01/27 04:48:35 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2012/01/27 04:48:33 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/01/27 04:48:33 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/01/27 04:48:33 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/01/27 04:48:33 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/01/27 04:48:31 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2012/01/27 04:48:30 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2012/01/27 04:48:30 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2012/01/27 04:48:29 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2012/01/27 04:48:29 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2012/01/27 04:48:29 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2012/01/27 04:48:29 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2012/01/27 04:48:29 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2012/01/27 04:48:29 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2012/01/27 04:48:28 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2012/01/27 04:48:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2012/01/27 04:48:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2012/01/27 04:48:28 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2012/01/27 04:48:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2012/01/27 04:48:20 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2012/01/27 04:48:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2012/01/27 04:48:14 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012/01/27 04:48:14 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012/01/27 04:48:13 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42.dll
[2012/01/27 04:48:13 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42u.dll
[2012/01/27 04:48:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42u.dll
[2012/01/27 04:48:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42.dll
[2012/01/27 04:48:09 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/01/27 04:47:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/01/27 04:47:47 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/01/27 04:47:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/01/27 04:47:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/01/27 04:47:45 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2012/01/27 04:47:44 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll
[2012/01/27 04:47:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnscacheugc.exe
[2012/01/27 04:47:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dnscacheugc.exe
[2012/01/27 04:47:35 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/01/27 04:47:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/01/27 04:47:33 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2012/01/27 04:47:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2012/01/27 04:47:33 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2012/01/27 04:47:32 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2012/01/27 04:47:14 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2012/01/27 04:47:14 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2012/01/27 04:47:13 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2012/01/27 04:47:13 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2012/01/27 04:47:13 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdusb.dll
[2012/01/27 04:47:13 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd1394.dll
[2012/01/27 04:47:13 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdcom.dll
[2012/01/27 04:46:32 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/01/27 04:46:31 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/01/27 04:46:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/01/27 04:46:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/01/27 04:46:31 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/01/27 04:46:31 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/01/27 04:46:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/01/27 04:46:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/01/27 04:46:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/01/27 04:46:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/01/27 04:46:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/27 04:46:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/27 04:46:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/01/27 04:46:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/01/27 04:46:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/01/27 04:46:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/01/27 04:46:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/01/27 04:46:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/01/27 04:46:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/01/27 04:46:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/01/27 04:46:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/01/27 04:46:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/01/27 04:46:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/01/27 04:46:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/01/27 04:46:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/01/27 04:46:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/01/27 04:46:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/01/27 04:46:25 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2012/01/27 04:46:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\devrtl.dll
[2012/01/27 04:46:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prevhost.exe
[2012/01/27 04:46:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prevhost.exe
[2012/01/27 04:46:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FXSCOVER.exe
[2012/01/27 04:46:14 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2012/01/27 04:46:14 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2012/01/27 04:46:12 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2012/01/27 04:46:12 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2012/01/27 04:45:42 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/27 04:45:40 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/01/27 04:45:39 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/01/27 04:45:38 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/01/27 04:41:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/01/27 04:41:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/01/27 03:39:02 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\iPhone-export
[2012/01/27 03:23:46 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\MobileSyncBrowser
[2012/01/27 03:03:23 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MobileSyncBrowser
[2012/01/27 03:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MobileSyncBrowser
[2012/01/27 02:40:59 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\Backup
[2012/01/27 02:10:19 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\Records-Transfer
[2012/01/27 02:10:07 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\Misc-Transfer
[2012/01/27 02:09:57 | 000,000,000 | ---D | C] -- C:\Users\JD\Documents\AVM-Transfer
[2012/01/27 01:10:33 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Apple Computer
[2012/01/27 01:10:33 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Apple Computer
[2012/01/27 01:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/27 01:10:14 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll
[2012/01/27 01:10:14 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll
[2012/01/27 01:10:14 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/01/27 01:10:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2012/01/27 01:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/27 01:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/27 01:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/27 01:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/27 01:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/01/27 01:07:30 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Apple
[2012/01/27 01:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/27 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/27 01:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/27 01:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/27 01:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/27 01:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/01/27 00:45:50 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Adobe
[2012/01/27 00:28:41 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Mozilla
[2012/01/27 00:28:41 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Mozilla
[2012/01/27 00:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/01/26 23:14:26 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/01/26 23:08:06 | 000,027,784 | ---- | C] (TOSHIBA Corporation.) -- C:\windows\SysNative\drivers\tdcmdpst.sys
[2012/01/26 23:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup
[2012/01/26 23:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toshiba Online Backup
[2012/01/26 23:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/26 23:05:23 | 000,138,656 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\TODDSrv.exe
[2012/01/26 23:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Corporation
[2012/01/26 23:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/26 23:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/01/26 23:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero
[2012/01/26 23:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/01/26 23:02:44 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Diagnostics
[2012/01/26 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2012/01/26 22:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Games
[2012/01/26 22:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/01/26 22:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/01/26 22:47:46 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\TSCI.dll
[2012/01/26 22:47:46 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\THCI.dll
[2012/01/26 22:44:22 | 000,038,096 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\PGEffect.sys
[2012/01/26 22:41:02 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMCTL32.OCX
[2012/01/26 22:41:02 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscomctl.ocx
[2012/01/26 22:41:02 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Comdlg32.ocx
[2012/01/26 22:41:02 | 000,009,728 | ---- | C] (TOSHIBA Corp.) -- C:\windows\SysWow64\TCMSVR.dll
[2012/01/26 22:41:01 | 000,009,216 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\FwLnk.sys
[2012/01/26 22:40:07 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2012/01/26 22:40:07 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2012/01/26 22:40:07 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2012/01/26 22:40:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2012/01/26 22:40:07 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2012/01/26 22:40:07 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2012/01/26 22:40:06 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2012/01/26 22:40:06 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2012/01/26 22:40:05 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2012/01/26 22:40:05 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2012/01/26 22:40:05 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2012/01/26 22:40:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2012/01/26 22:40:05 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2012/01/26 22:40:05 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2012/01/26 22:40:04 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2012/01/26 22:40:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2012/01/26 22:40:03 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2012/01/26 22:40:03 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2012/01/26 22:40:03 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2012/01/26 22:40:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2012/01/26 22:40:03 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2012/01/26 22:40:03 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2012/01/26 22:40:03 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2012/01/26 22:40:03 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2012/01/26 22:40:02 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2012/01/26 22:40:02 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2012/01/26 22:40:02 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2012/01/26 22:40:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2012/01/26 22:40:01 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2012/01/26 22:40:01 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2012/01/26 22:40:01 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2012/01/26 22:40:01 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2012/01/26 22:40:01 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2012/01/26 22:40:01 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2012/01/26 22:40:00 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2012/01/26 22:40:00 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2012/01/26 22:39:59 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2012/01/26 22:39:59 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2012/01/26 22:39:59 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2012/01/26 22:39:59 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2012/01/26 22:39:59 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2012/01/26 22:39:59 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2012/01/26 22:39:58 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2012/01/26 22:39:58 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2012/01/26 22:39:57 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2012/01/26 22:39:57 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2012/01/26 22:39:57 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2012/01/26 22:39:57 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2012/01/26 22:39:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2012/01/26 22:39:56 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2012/01/26 22:39:56 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2012/01/26 22:39:56 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2012/01/26 22:39:56 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2012/01/26 22:39:56 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2012/01/26 22:39:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2012/01/26 22:39:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2012/01/26 22:39:55 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2012/01/26 22:39:55 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2012/01/26 22:39:54 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2012/01/26 22:39:54 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2012/01/26 22:39:51 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2012/01/26 22:39:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2012/01/26 22:39:50 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2012/01/26 22:39:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2012/01/26 22:39:50 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2012/01/26 22:39:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2012/01/26 22:39:50 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2012/01/26 22:39:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2012/01/26 22:39:49 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2012/01/26 22:39:49 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2012/01/26 22:39:48 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2012/01/26 22:39:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2012/01/26 22:39:47 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2012/01/26 22:39:47 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2012/01/26 22:39:46 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2012/01/26 22:39:46 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2012/01/26 22:39:46 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2012/01/26 22:39:46 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2012/01/26 22:35:16 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Google
[2012/01/26 22:35:13 | 001,221,224 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\windows\SysNative\drivers\rtl8192se.sys
[2012/01/26 22:35:13 | 001,109,096 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\windows\SysNative\drivers\rtl8192ce.sys
[2012/01/26 22:35:13 | 000,626,792 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\windows\SysNative\drivers\rtl819xp.sys
[2012/01/26 22:35:13 | 000,450,048 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\windows\SysNative\drivers\rtl8187B.sys
[2012/01/26 22:35:13 | 000,442,368 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\windows\SysNative\drivers\rtl8187Se.sys
[2012/01/26 22:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver
[2012/01/26 22:34:48 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Toshiba
[2012/01/26 22:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012/01/26 22:33:18 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\sda
[2012/01/26 22:33:06 | 000,243,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\drivers\RtsUStor.sys
[2012/01/26 22:33:05 | 009,112,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysWow64\RtsUStoricon.dll
[2012/01/26 22:33:05 | 000,422,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtsUStor.dll
[2012/01/26 22:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/01/26 22:33:02 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Toshiba
[2012/01/26 22:33:00 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\ATI
[2012/01/26 22:33:00 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\ATI
[2012/01/26 22:32:21 | 000,000,000 | R--D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/26 22:32:21 | 000,000,000 | R--D | C] -- C:\Users\JD\Searches
[2012/01/26 22:32:21 | 000,000,000 | R--D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/26 22:32:21 | 000,000,000 | -H-D | C] -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/01/26 22:32:09 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Identities
[2012/01/26 22:32:05 | 000,000,000 | R--D | C] -- C:\Users\JD\Contacts
[2012/01/26 22:32:02 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\VirtualStore
[2012/01/26 22:30:42 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\WinBatch
[2012/01/26 22:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\AppData\Local\Temporary Internet Files
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Templates
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Start Menu
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\SendTo
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Recent
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\PrintHood
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\NetHood
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Documents\My Videos
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Documents\My Pictures
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Documents\My Music
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\My Documents
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Local Settings
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\AppData\Local\History
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Cookies
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\Application Data
[2012/01/26 22:29:27 | 000,000,000 | -HSD | C] -- C:\Users\JD\AppData\Local\Application Data
[2012/01/26 22:29:19 | 000,000,000 | --SD | C] -- C:\Users\JD\AppData\Roaming\Microsoft
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Videos
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\AppData\Local\Temp
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Saved Games
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Pictures
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Music
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Links
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Favorites
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Downloads
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Documents
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\Desktop
[2012/01/26 22:29:19 | 000,000,000 | R--D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/26 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\Microsoft
[2012/01/26 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Media Center Programs
[2012/01/26 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Macromedia
[2012/01/26 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData
[2012/01/26 22:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/26 22:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/01/26 22:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/01/26 22:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/01/26 22:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/01/26 22:25:34 | 022,100,480 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atio6axx.dll
[2012/01/26 22:25:34 | 017,044,480 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysWow64\atioglxx.dll
[2012/01/26 22:25:34 | 008,283,136 | ---- | C] (ATI Technologies Inc.) -- C:\windows\SysNative\drivers\atikmdag.sys
[2012/01/26 22:25:34 | 006,815,232 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticaldd64.dll
[2012/01/26 22:25:34 | 005,441,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticaldd.dll
[2012/01/26 22:25:34 | 005,305,856 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysNative\atiumd64.dll
[2012/01/26 22:25:34 | 004,844,544 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysNative\atidxx64.dll
[2012/01/26 22:25:34 | 004,162,048 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysWow64\atiumdag.dll
[2012/01/26 22:25:34 | 004,101,632 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysWow64\atidxx32.dll
[2012/01/26 22:25:34 | 003,461,120 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiumdva.dll
[2012/01/26 22:25:34 | 003,218,944 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiumd6a.dll
[2012/01/26 22:25:34 | 001,208,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiumd6v.dll
[2012/01/26 22:25:34 | 000,708,608 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysNative\aticfx64.dll
[2012/01/26 22:25:34 | 000,596,480 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\SysWow64\aticfx32.dll
[2012/01/26 22:25:34 | 000,480,256 | ---- | C] (AMD) -- C:\windows\SysNative\atieclxx.exe
[2012/01/26 22:25:34 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll
[2012/01/26 22:25:34 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysNative\atipdl64.dll
[2012/01/26 22:25:34 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysWow64\atipdlxx.dll
[2012/01/26 22:25:34 | 000,353,792 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atiadlxx.dll
[2012/01/26 22:25:34 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIODE.exe
[2012/01/26 22:25:34 | 000,294,400 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\drivers\atikmpag.sys
[2012/01/26 22:25:34 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysWow64\Oemdspif.dll
[2012/01/26 22:25:34 | 000,249,856 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysWow64\atiadlxy.dll
[2012/01/26 22:25:34 | 000,203,776 | ---- | C] (AMD) -- C:\windows\SysNative\atiesrxx.exe
[2012/01/26 22:25:34 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atiapfxx.exe
[2012/01/26 22:25:34 | 000,120,320 | ---- | C] (AMD) -- C:\windows\SysNative\atitmm64.dll
[2012/01/26 22:25:34 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\atibtmon.exe
[2012/01/26 22:25:34 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysNative\atiedu64.dll
[2012/01/26 22:25:34 | 000,058,880 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll
[2012/01/26 22:25:34 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atimpc64.dll
[2012/01/26 22:25:34 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\amdpcom64.dll
[2012/01/26 22:25:34 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\windows\SysNative\drivers\ati2erec.dll
[2012/01/26 22:25:34 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atimpc32.dll
[2012/01/26 22:25:34 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\amdpcom32.dll
[2012/01/26 22:25:34 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIODCLI.exe
[2012/01/26 22:25:34 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticalrt64.dll
[2012/01/26 22:25:34 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalrt.dll
[2012/01/26 22:25:34 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysNative\aticalcl64.dll
[2012/01/26 22:25:34 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalcl.dll
[2012/01/26 22:25:34 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\windows\SysWow64\ati2edxx.dll
[2012/01/26 22:25:34 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiuxp64.dll
[2012/01/26 22:25:34 | 000,038,400 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiu9p64.dll
[2012/01/26 22:25:34 | 000,032,256 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atig6txx.dll
[2012/01/26 22:25:34 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiuxpag.dll
[2012/01/26 22:25:34 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiu9pag.dll
[2012/01/26 22:25:34 | 000,027,648 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atigktxx.dll
[2012/01/26 22:25:34 | 000,016,384 | ---- | C] (AMD) -- C:\windows\SysNative\atimuixx.dll
[2012/01/26 22:25:34 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atig6pxx.dll
[2012/01/26 22:25:34 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysWow64\atiglpxx.dll
[2012/01/26 22:25:34 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\windows\SysNative\atiglpxx.dll
[2012/01/26 22:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/01/26 22:22:40 | 000,075,904 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amd_sata.sys
[2012/01/26 22:22:40 | 000,038,016 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amd_xata.sys
[2012/01/26 22:22:00 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/19 17:01:48 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2012/02/19 16:11:56 | 000,780,320 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/19 16:11:56 | 000,661,170 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/19 16:11:56 | 000,121,638 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/19 16:10:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/19 13:47:55 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/19 13:47:55 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/19 13:42:19 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/19 03:22:25 | 000,532,778 | ---- | M] () -- C:\Users\JD\Documents\difxapi.dll
[2012/02/16 19:10:57 | 000,412,336 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/02/16 03:53:07 | 000,064,448 | ---- | M] () -- C:\Users\JD\Documents\iTunesLibraryExport02-16-12.xml
[2012/02/16 02:41:58 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\iBackupBot for iTunes.lnk
[2012/02/16 01:27:29 | 000,029,808 | ---- | M] () -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2012/02/15 22:31:39 | 001,470,612 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/14 21:31:27 | 000,176,662 | ---- | M] () -- C:\Users\JD\Documents\MURRAY-MODEL-42591X8B-LAWN-TRACTOR-(1999)-PARTS-LIST.pdf
[2012/02/14 11:12:48 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/13 18:43:31 | 000,000,000 | -H-- | M] () -- C:\Users\JD\Documents\Default.rdp
[2012/02/12 19:14:49 | 000,000,000 | ---- | M] () -- C:\Users\JD\defogger_reenable
[2012/02/12 19:12:51 | 000,050,477 | ---- | M] () -- C:\Users\JD\Desktop\Defogger.exe
[2012/02/12 18:39:20 | 000,800,637 | ---- | M] () -- C:\Users\JD\Desktop\ListParts64.exe
[2012/02/12 16:27:58 | 000,001,387 | ---- | M] () -- C:\Users\JD\Desktop\aswMBR.exe - Shortcut.lnk
[2012/02/12 15:55:16 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 14:53:22 | 000,869,194 | ---- | M] () -- C:\Users\JD\Desktop\SecurityCheck.exe
[2012/02/12 03:22:27 | 000,001,819 | ---- | M] () -- C:\Users\JD\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/11 23:50:42 | 000,001,322 | ---- | M] () -- C:\Users\JD\Desktop\Gadgets - Shortcut.lnk
[2012/02/11 23:50:24 | 005,421,479 | ---- | M] () -- C:\Users\JD\Desktop\Windows Sidebar.zip
[2012/02/11 23:07:08 | 000,002,961 | ---- | M] () -- C:\Users\JD\Desktop\HiJackThis.lnk
[2012/02/11 02:20:33 | 000,012,860 | ---- | M] () -- C:\Users\JD\Documents\USBank12-12-11to2-13-12.csv
[2012/02/10 02:17:30 | 000,002,655 | ---- | M] () -- C:\Users\JD\Desktop\Microsoft Word.lnk
[2012/02/10 02:17:21 | 000,002,623 | ---- | M] () -- C:\Users\JD\Desktop\Microsoft Access.lnk
[2012/02/10 02:17:11 | 000,002,657 | ---- | M] () -- C:\Users\JD\Desktop\Microsoft Excel.lnk
[2012/02/09 01:45:07 | 000,003,683 | ---- | M] () -- C:\Users\JD\Documents\lmhosts.sam
[2012/02/09 01:34:42 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/09 00:34:56 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\fport
[2012/02/06 07:23:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JD\Desktop\dds.scr
[2012/02/06 06:10:21 | 000,722,552 | ---- | M] () -- C:\Users\JD\Documents\Info20120206060709.xml
[2012/02/06 04:39:54 | 000,000,624 | ---- | M] () -- C:\Users\JD\Documents\DWMExport.reg
[2012/02/06 02:09:24 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2012/02/04 20:44:39 | 003,278,235 | ---- | M] () -- C:\Users\JD\Documents\cylinder_sizing_poster_1-20-11.pdf
[2012/02/04 02:10:59 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2012/02/04 00:53:56 | 000,069,632 | ---- | M] () -- C:\Users\JD\Documents\remassdetail2.evtx
[2012/02/04 00:53:14 | 000,069,632 | ---- | M] () -- C:\Users\JD\Documents\CompServRemAsstDetails.evtx
[2012/02/03 19:44:03 | 000,001,416 | ---- | M] () -- C:\Users\JD\Documents\java certs
[2012/02/03 15:25:20 | 000,000,653 | ---- | M] () -- C:\Users\JD\Desktop\iPhone2,1_4.3.5_8L1_Restore.ipsw - Shortcut (2).lnk
[2012/02/03 11:09:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/03 01:02:09 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/03 01:00:56 | 000,004,782 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
[2012/02/03 00:37:18 | 000,772,682 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/02 23:52:56 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/02 23:52:56 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/02 23:52:56 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/02 23:07:40 | 000,001,261 | ---- | M] () -- C:\Users\JD\Desktop\Norton Installation Files.lnk
[2012/02/02 01:35:28 | 000,000,877 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.umbrella
[2012/02/02 01:35:28 | 000,000,877 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/02/01 22:03:16 | 000,007,620 | ---- | M] () -- C:\Users\JD\AppData\Local\Resmon.ResmonCfg
[2012/02/01 03:52:59 | 000,002,164 | ---- | M] () -- C:\Users\JD\Documents\addons.mozilla.org.crt
[2012/01/31 23:31:06 | 000,001,087 | ---- | M] () -- C:\Users\JD\Desktop\isolate.ini - Shortcut.lnk
[2012/01/31 23:19:17 | 000,621,178 | ---- | M] () -- C:\Users\JD\Desktop\sevntx64.zip
[2012/01/31 23:18:54 | 000,128,693 | ---- | M] () -- C:\Users\JD\Desktop\symimi64.zip
[2012/01/31 01:56:17 | 000,000,407 | ---- | M] () -- C:\Users\JD\Documents\blobdataSMS
[2012/01/31 01:21:13 | 000,372,736 | ---- | M] () -- C:\Users\JD\Documents\sms.db
[2012/01/31 00:34:21 | 000,000,600 | ---- | M] () -- C:\Users\JD\AppData\Local\PUTTY.RND
[2012/01/30 21:40:05 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Phone Disk.lnk
[2012/01/30 21:33:35 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/30 19:56:53 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2012/01/30 18:51:12 | 000,000,938 | ---- | M] () -- C:\Users\JD\Desktop\PuTTY.lnk
[2012/01/29 22:06:30 | 000,016,949 | ---- | M] () -- C:\Users\JD\Documents\USBankdownload.csv
[2012/01/27 06:29:47 | 000,859,028 | ---- | M] () -- C:\Users\JD\Documents\idx.c
[2012/01/27 06:19:48 | 000,000,880 | ---- | M] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk
[2012/01/27 06:19:48 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\HxD.lnk
[2012/01/27 03:03:25 | 000,001,284 | ---- | M] () -- C:\Users\JD\Desktop\MobileSyncBrowser.lnk
[2012/01/27 01:58:03 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/01/27 01:10:18 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 00:05:42 | 000,000,020 | ---- | M] () -- C:\windows\
[2012/01/26 23:25:25 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/01/26 23:25:25 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012/01/26 22:35:09 | 000,001,452 | ---- | M] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/26 22:31:27 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2012/01/26 22:28:35 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin
[2012/01/26 22:26:45 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/01/23 19:20:03 | 000,982,197 | ---- | M] () -- C:\Users\JD\Documents\Media_DCIM_100APPLE_IMG_0507.JPG
[2012/01/23 19:19:54 | 000,914,167 | ---- | M] () -- C:\Users\JD\Documents\Media_DCIM_100APPLE_IMG_0506.JPG
[2012/01/23 19:19:47 | 000,933,059 | ---- | M] () -- C:\Users\JD\Documents\Media_DCIM_100APPLE_IMG_0505.JPG
[2012/01/23 19:19:46 | 000,209,912 | ---- | M] () -- C:\Users\JD\Documents\Library_SMS_Parts_d1_07_9079-0.jpg
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/19 03:22:25 | 000,532,778 | ---- | C] () -- C:\Users\JD\Documents\difxapi.dll
[2012/02/18 05:42:57 | 000,982,197 | ---- | C] () -- C:\Users\JD\Documents\Media_DCIM_100APPLE_IMG_0507.JPG
[2012/02/18 05:42:57 | 000,933,059 | ---- | C] () -- C:\Users\JD\Documents\Media_DCIM_100APPLE_IMG_0505.JPG
[2012/02/18 05:42:57 | 000,914,167 | ---- | C] () -- C:\Users\JD\Documents\Media_DCIM_100APPLE_IMG_0506.JPG
[2012/02/18 05:42:57 | 000,209,912 | ---- | C] () -- C:\Users\JD\Documents\Library_SMS_Parts_d1_07_9079-0.jpg
[2012/02/16 03:53:06 | 000,064,448 | ---- | C] () -- C:\Users\JD\Documents\iTunesLibraryExport02-16-12.xml
[2012/02/16 01:27:29 | 000,029,808 | ---- | C] () -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2012/02/15 20:03:50 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\iBackupBot for iTunes.lnk
[2012/02/14 21:31:26 | 000,176,662 | ---- | C] () -- C:\Users\JD\Documents\MURRAY-MODEL-42591X8B-LAWN-TRACTOR-(1999)-PARTS-LIST.pdf
[2012/02/14 11:12:47 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/14 11:12:46 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/13 18:43:31 | 000,000,000 | -H-- | C] () -- C:\Users\JD\Documents\Default.rdp
[2012/02/12 19:14:49 | 000,000,000 | ---- | C] () -- C:\Users\JD\defogger_reenable
[2012/02/12 19:12:50 | 000,050,477 | ---- | C] () -- C:\Users\JD\Desktop\Defogger.exe
[2012/02/12 18:39:19 | 000,800,637 | ---- | C] () -- C:\Users\JD\Desktop\ListParts64.exe
[2012/02/12 16:27:57 | 000,001,387 | ---- | C] () -- C:\Users\JD\Desktop\aswMBR.exe - Shortcut.lnk
[2012/02/12 15:55:16 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 14:53:13 | 000,869,194 | ---- | C] () -- C:\Users\JD\Desktop\SecurityCheck.exe
[2012/02/12 06:53:58 | 000,012,860 | ---- | C] () -- C:\Users\JD\Documents\USBank12-12-11to2-13-12.csv
[2012/02/12 03:22:27 | 000,001,819 | ---- | C] () -- C:\Users\JD\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/11 23:50:16 | 005,421,479 | ---- | C] () -- C:\Users\JD\Desktop\Windows Sidebar.zip
[2012/02/11 23:07:08 | 000,002,961 | ---- | C] () -- C:\Users\JD\Desktop\HiJackThis.lnk
[2012/02/10 02:17:30 | 000,002,655 | ---- | C] () -- C:\Users\JD\Desktop\Microsoft Word.lnk
[2012/02/10 02:17:21 | 000,002,623 | ---- | C] () -- C:\Users\JD\Desktop\Microsoft Access.lnk
[2012/02/10 02:17:11 | 000,002,657 | ---- | C] () -- C:\Users\JD\Desktop\Microsoft Excel.lnk
[2012/02/09 01:45:06 | 000,003,683 | ---- | C] () -- C:\Users\JD\Documents\lmhosts.sam
[2012/02/09 01:34:42 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/09 01:34:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/09 00:33:51 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\fport
[2012/02/06 06:10:01 | 000,722,552 | ---- | C] () -- C:\Users\JD\Documents\Info20120206060709.xml
[2012/02/06 04:39:54 | 000,000,624 | ---- | C] () -- C:\Users\JD\Documents\DWMExport.reg
[2012/02/06 02:17:21 | 000,001,322 | ---- | C] () -- C:\Users\JD\Desktop\Gadgets - Shortcut.lnk
[2012/02/06 02:09:24 | 000,000,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2012/02/06 02:09:24 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2012/02/04 20:44:35 | 003,278,235 | ---- | C] () -- C:\Users\JD\Documents\cylinder_sizing_poster_1-20-11.pdf
[2012/02/04 02:10:11 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Publisher.lnk
[2012/02/04 00:53:50 | 000,069,632 | ---- | C] () -- C:\Users\JD\Documents\remassdetail2.evtx
[2012/02/04 00:53:13 | 000,069,632 | ---- | C] () -- C:\Users\JD\Documents\CompServRemAsstDetails.evtx
[2012/02/03 19:44:03 | 000,001,416 | ---- | C] () -- C:\Users\JD\Documents\java certs
[2012/02/03 16:24:00 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/02/03 16:21:12 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/02/03 16:21:11 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2012/02/03 16:21:11 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/02/03 16:21:08 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/02/03 16:21:08 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2012/02/03 01:00:56 | 001,470,612 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/03 01:00:56 | 000,004,782 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
[2012/02/02 23:52:41 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds64.cat
[2012/02/02 23:52:41 | 000,007,462 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.cat
[2012/02/02 23:52:41 | 000,007,460 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa64.cat
[2012/02/02 23:52:41 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnet64.cat
[2012/02/02 23:52:41 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.cat
[2012/02/02 23:52:41 | 000,007,450 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\iron.cat
[2012/02/02 23:52:41 | 000,003,434 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symefa.inf
[2012/02/02 23:52:41 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symds.inf
[2012/02/02 23:52:41 | 000,001,441 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symnet.inf
[2012/02/02 23:52:41 | 000,001,438 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtsp64.inf
[2012/02/02 23:52:41 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\srtspx64.inf
[2012/02/02 23:52:41 | 000,000,772 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\iron.inf
[2012/02/02 23:52:40 | 000,007,468 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.cat
[2012/02/02 23:52:40 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.inf
[2012/02/02 23:52:10 | 000,004,782 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\symvtcer.dat
[2012/02/02 23:52:10 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/02/02 23:10:28 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/02 23:10:28 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/02 23:10:21 | 000,002,483 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/01 14:27:49 | 000,001,261 | ---- | C] () -- C:\Users\JD\Desktop\Norton Installation Files.lnk
[2012/02/01 04:27:57 | 000,000,653 | ---- | C] () -- C:\Users\JD\Desktop\iPhone2,1_4.3.5_8L1_Restore.ipsw - Shortcut (2).lnk
[2012/02/01 03:52:59 | 000,002,164 | ---- | C] () -- C:\Users\JD\Documents\addons.mozilla.org.crt
[2012/01/31 23:31:05 | 000,001,087 | ---- | C] () -- C:\Users\JD\Desktop\isolate.ini - Shortcut.lnk
[2012/01/31 23:19:11 | 000,621,178 | ---- | C] () -- C:\Users\JD\Desktop\sevntx64.zip
[2012/01/31 23:18:54 | 000,128,693 | ---- | C] () -- C:\Users\JD\Desktop\symimi64.zip
[2012/01/31 01:56:17 | 000,000,407 | ---- | C] () -- C:\Users\JD\Documents\blobdataSMS
[2012/01/31 01:47:58 | 000,372,736 | ---- | C] () -- C:\Users\JD\Documents\sms.db
[2012/01/30 21:40:05 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Phone Disk.lnk
[2012/01/30 21:33:35 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/30 19:56:53 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2012/01/30 19:55:31 | 000,772,682 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/30 19:44:05 | 000,000,600 | ---- | C] () -- C:\Users\JD\AppData\Local\PUTTY.RND
[2012/01/30 18:51:12 | 000,000,938 | ---- | C] () -- C:\Users\JD\Desktop\PuTTY.lnk
[2012/01/29 22:06:25 | 000,016,949 | ---- | C] () -- C:\Users\JD\Documents\USBankdownload.csv
[2012/01/27 06:29:23 | 000,859,028 | ---- | C] () -- C:\Users\JD\Documents\idx.c
[2012/01/27 06:19:48 | 000,000,880 | ---- | C] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk
[2012/01/27 06:19:48 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\HxD.lnk
[2012/01/27 03:03:25 | 000,001,284 | ---- | C] () -- C:\Users\JD\Desktop\MobileSyncBrowser.lnk
[2012/01/27 01:58:03 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/01/27 01:10:18 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 01:07:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/27 00:06:37 | 000,007,620 | ---- | C] () -- C:\Users\JD\AppData\Local\Resmon.ResmonCfg
[2012/01/27 00:05:41 | 000,000,020 | ---- | C] () -- C:\windows\
[2012/01/26 22:35:11 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/01/26 22:35:09 | 000,001,452 | ---- | C] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/26 22:32:24 | 000,001,458 | ---- | C] () -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/26 22:31:27 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2012/01/26 22:29:20 | 000,000,290 | ---- | C] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/26 22:29:20 | 000,000,272 | ---- | C] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/26 22:28:35 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/26 22:25:34 | 000,677,376 | ---- | C] () -- C:\windows\SysWow64\atiumdva.cap
[2012/01/26 22:25:34 | 000,677,376 | ---- | C] () -- C:\windows\SysNative\atiumd6a.cap
[2012/01/26 22:25:34 | 000,226,857 | ---- | C] () -- C:\windows\SysNative\atiicdxx.dat
[2012/01/26 22:25:34 | 000,138,392 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2012/01/26 22:25:34 | 000,022,280 | ---- | C] () -- C:\windows\atiogl.xml
[2012/01/26 22:25:34 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/01/26 22:25:34 | 000,002,975 | ---- | C] () -- C:\windows\SysNative\atipblag.dat
[2012/01/26 22:15:08 | 2094,161,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/05 06:37:06 | 000,033,792 | ---- | C] () -- C:\windows\SysWow64\dokan.dll

< End of report >


OTL Extras logfile created on: 2/19/2012 5:07:31 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\JD\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 62.13% Memory free
5.20 Gb Paging File | 3.81 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 230.79 Gb Free Space | 80.90% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2522353724-1108262737-1939404361-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {8945A854-7D4C-4CC6-8C13-3F11AF0F945C},{1A6EBE70-C785-45CD-95A6-2DA013947CA4}
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {8945A854-7D4C-4CC6-8C13-3F11AF0F945C},{1A6EBE70-C785-45CD-95A6-2DA013947CA4}
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {8945A854-7D4C-4CC6-8C13-3F11AF0F945C},{1A6EBE70-C785-45CD-95A6-2DA013947CA4}

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}" = HP Deskjet 1000 J110 series Basic Device Software
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish
"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese
"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French
"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek
"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish
"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian
"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian
"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian
"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common
"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static
"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C9F06F5D-D521-43D5-AEB7-79176DC6CCDE}_is1" = Phone Disk 1.2.1.1
"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German
"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese
"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All
"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"DokanLibrary" = Dokan Library 0.5.3
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"iBackupBot for iTunes" = iBackupBot for iTunes 3.5.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MobileSyncBrowse_0" = MobileSyncBrowser 5.0.1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NIS" = Norton Internet Security
"PuTTY_is1" = PuTTY version 0.62

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2012 1:26:46 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2012 1:42:32 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2012 3:13:46 AM | Computer Name = Laptop | Source = Wininit | ID = 1015
Description = A critical system process, C:\windows\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 2/12/2012 3:17:25 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2012 5:03:09 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JD\Downloads\SoftonicDownloader_for_hijackthis.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 2/12/2012 5:09:15 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2012 5:12:53 AM | Computer Name = Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JD\Downloads\SoftonicDownloader_for_hijackthis.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 2/12/2012 7:09:31 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2012 8:08:36 AM | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/12/2012 8:40:56 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/16/2012 3:13:59 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:13:59 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:13:59 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:13:59 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:13:59 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:13:59 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:14:00 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:14:14 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:14:14 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 2/16/2012 3:14:14 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058


< End of report >

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:37 AM

Posted 20 February 2012 - 01:34 AM

Should I zip these up and add as attachments, or copy/paste like I've been doing?

Do not attach logs unless instructed so that I can read the log contents more easily.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 JudgeGoodwin

JudgeGoodwin
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:37 PM

Posted 20 February 2012 - 10:07 PM

ComboFix 12-02-19.02 - JD 02/20/2012 20:24:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1576 [GMT -6:00]
Running from: C:\Users\JD\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\iexplorer
C:\Program Files (x86)\iexplorer\AxInterop.QTOControlLib.dll
C:\Program Files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll
C:\Program Files (x86)\iexplorer\iExplorer.exe
C:\Program Files (x86)\iexplorer\Interop.QTOControlLib.dll
C:\Program Files (x86)\iexplorer\Interop.QTOLibrary.dll
C:\Program Files (x86)\iexplorer\isxdl.dll
C:\Program Files (x86)\iexplorer\MPCrashReporter.dll
C:\Program Files (x86)\iexplorer\MPUpdater.dll
C:\Program Files (x86)\iexplorer\msvcr71.dll
C:\Program Files (x86)\iexplorer\PodPhone2.dll
C:\Program Files (x86)\iexplorer\unins000.dat
C:\Program Files (x86)\iexplorer\unins000.exe
C:\Program Files (x86)\iexplorer\unins000.msg


((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))


2012-02-21 02:39:31 . 2012-02-21 02:39:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-02-20 07:38:19 . 2012-02-20 07:38:19 -------- d--h--r- C:\Users\Public\Libraries
2012-02-18 14:07:20 . 2012-02-18 14:07:20 -------- d-sh--w- C:\windows\SysWow64\JD
2012-02-18 10:25:47 . 2012-02-18 10:25:47 -------- d-sh--w- C:\windows\system32\JD
2012-02-16 07:27:29 . 2012-02-16 07:27:29 29808 ----a-w- C:\windows\system32\drivers\mbamchameleon.sys
2012-02-16 04:32:04 . 2011-12-28 03:59:24 498688 ----a-w- C:\windows\system32\drivers\afd.sys
2012-02-16 04:32:02 . 2012-01-14 04:06:27 3145728 ----a-w- C:\windows\system32\win32k.sys
2012-02-16 04:32:01 . 2011-12-16 08:46:06 634880 ----a-w- C:\windows\system32\msvcrt.dll
2012-02-16 04:32:01 . 2011-12-16 07:52:58 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-02-16 02:03:48 . 2012-02-16 02:03:48 -------- d-----w- C:\Program Files (x86)\VOWSoft iPod Software
2012-02-12 21:55:13 . 2012-02-12 21:55:20 -------- d-----w- C:\Program Files (x86)\MalwareBAM
2012-02-12 21:55:13 . 2011-12-10 21:24:08 23152 ----a-w- C:\windows\system32\drivers\mbam.sys
2012-02-12 09:22:22 . 2012-02-12 09:23:32 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-12 09:22:22 . 2012-02-12 09:22:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-12 05:07:07 . 2012-02-12 05:07:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-10 02:27:10 . 2012-02-10 02:41:47 -------- d-----w- C:\ProgramData\HP
2012-02-10 02:26:40 . 2012-02-10 02:26:41 -------- d-----w- C:\Program Files (x86)\HP
2012-02-10 02:25:33 . 2012-02-10 02:25:33 -------- d-----w- C:\Program Files\HP
2012-02-09 07:35:23 . 2012-02-09 07:35:23 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe AIR
2012-02-09 07:34:18 . 2012-02-09 07:34:27 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2012-02-07 05:47:54 . 2012-02-07 22:38:57 -------- d-----w- C:\Program Files (x86)\stinger
2012-02-06 08:09:20 . 2012-02-06 08:09:21 -------- d-----w- C:\Program Files\MBSA 2
2012-02-05 07:13:11 . 2011-11-24 02:23:20 43640 ----a-r- C:\windows\system32\drivers\SymIMV.sys
2012-02-04 08:08:31 . 2012-02-04 08:08:31 -------- d-----w- C:\Program Files (x86)\Common Files\L&H
2012-02-03 22:21:06 . 2012-02-03 22:21:07 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2012-02-03 06:57:42 . 2012-02-03 06:57:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-03 05:10:28 . 2012-02-03 05:53:13 -------- d-----w- C:\Program Files\Symantec
2012-02-03 05:10:28 . 2012-02-03 05:52:56 175736 ----a-w- C:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-03 05:10:28 . 2012-02-03 05:10:28 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-02-03 05:09:38 . 2012-02-03 07:02:24 -------- d-----w- C:\windows\system32\drivers\NISx64
2012-02-03 05:09:35 . 2012-02-03 05:09:38 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-02-03 05:09:03 . 2012-02-03 05:09:03 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-02-01 18:43:49 . 2012-02-01 18:43:49 -------- d-----w- C:\193fddf87a7d97eb4248
2012-02-01 07:22:34 . 2012-02-01 07:22:35 -------- d-----w- C:\Program Files (x86)\7-Zip
2012-02-01 07:22:31 . 2012-02-01 07:22:31 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2012-02-01 06:50:43 . 2012-02-01 06:50:43 -------- d-----w- C:\ProgramData\Conexant
2012-01-31 03:40:46 . 2012-01-31 03:40:46 -------- d-----w- C:\Program Files (x86)\Dokan
2012-01-31 03:40:03 . 2012-01-31 03:40:05 -------- d-----w- C:\Program Files (x86)\Phone Disk
2012-01-31 03:33:56 . 2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-31 03:33:56 . 2012-01-31 03:33:56 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-31 03:33:56 . 2012-01-31 03:33:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-31 03:33:56 . 2012-01-31 03:33:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-31 03:33:56 . 2012-01-31 03:33:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-31 03:33:56 . 2012-01-31 03:33:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-31 03:33:56 . 2012-01-31 03:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-31 03:33:06 . 2012-01-31 03:33:54 -------- d-----w- C:\Program Files (x86)\QuickTime
2012-01-31 02:52:47 . 2012-02-03 17:09:30 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 02:52:21 . 2012-01-31 02:52:21 -------- d-----w- C:\windows\system32\Macromed
2012-01-31 00:51:11 . 2012-01-31 00:51:12 -------- d-----w- C:\Program Files (x86)\PuTTY
2012-01-30 06:34:45 . 2012-01-30 06:34:46 -------- d-----w- C:\8a5a96a04c289b63700637
2012-01-29 06:23:55 . 2012-01-29 06:23:55 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-28 20:38:07 . 2012-02-14 20:05:51 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2012-01-28 20:06:36 . 2012-01-28 20:06:36 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2012-01-27 19:08:36 . 2012-01-27 19:08:36 -------- d-----w- C:\windows\SysWow64\Wat
2012-01-27 19:08:36 . 2012-01-27 19:08:36 -------- d-----w- C:\windows\system32\Wat
2012-01-27 12:19:46 . 2012-01-27 12:19:47 -------- d-----w- C:\Program Files (x86)\HxD
2012-01-27 10:47:47 . 2011-02-19 09:00:32 367616 ----a-w- C:\windows\system32\atmfd.dll
2012-01-27 10:46:56 . 2011-08-13 05:27:19 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-01-27 10:45:42 . 2011-11-17 06:41:18 1731920 ----a-w- C:\windows\system32\ntdll.dll
2012-01-27 10:45:42 . 2011-11-17 05:38:39 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-27 10:45:40 . 2011-06-23 04:33:57 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-01-27 10:45:39 . 2011-06-23 05:43:12 5561216 ----a-w- C:\windows\system32\ntoskrnl.exe
2012-01-27 10:45:38 . 2011-06-23 04:33:57 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-01-27 10:41:55 . 2011-11-19 14:58:00 77312 ----a-w- C:\windows\system32\packager.dll
2012-01-27 10:41:55 . 2011-11-19 14:01:00 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-27 09:03:20 . 2012-01-27 09:03:25 -------- d-----w- C:\Program Files (x86)\MobileSyncBrowser
2012-01-27 07:10:14 . 2012-01-27 07:10:14 -------- dc----w- C:\windows\system32\DRVSTORE
2012-01-27 07:10:14 . 2009-05-18 19:17:08 34152 ----a-w- C:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-27 07:10:14 . 2008-04-17 18:12:54 126312 ----a-w- C:\windows\system32\GEARAspi64.dll
2012-01-27 07:10:14 . 2008-04-17 18:12:54 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-01-27 07:09:27 . 2012-01-27 07:09:27 -------- d-----w- C:\Program Files\iPod
2012-01-27 07:09:26 . 2012-02-01 08:35:05 -------- d-----w- C:\ProgramData\Apple Computer
2012-01-27 07:09:26 . 2012-01-27 07:10:12 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-27 07:09:26 . 2012-01-27 07:10:12 -------- d-----w- C:\Program Files\iTunes
2012-01-27 07:09:26 . 2012-01-27 07:10:11 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-27 07:07:27 . 2012-01-27 07:07:27 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2012-01-27 07:06:55 . 2012-01-27 07:06:55 -------- d-----w- C:\Program Files\Common Files\Apple
2012-01-27 07:06:27 . 2012-01-27 07:06:29 -------- d-----w- C:\Program Files\Bonjour
2012-01-27 07:06:27 . 2012-01-27 07:06:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-27 07:05:54 . 2012-01-27 07:09:26 -------- d-----w- C:\Program Files (x86)\Common Files\Apple
2012-01-27 07:05:54 . 2012-01-27 07:07:20 -------- d-----w- C:\ProgramData\Apple
2012-01-27 05:08:06 . 2009-07-31 04:22:04 27784 ----a-w- C:\windows\system32\drivers\tdcmdpst.sys
2012-01-27 05:06:23 . 2012-01-27 05:06:23 -------- d-----w- C:\Program Files (x86)\Toshiba Online Backup
2012-01-27 05:05:23 . 2010-10-20 22:41:50 138656 ----a-w- C:\windows\system32\TODDSrv.exe
2012-01-27 05:05:07 . 2012-01-31 03:10:38 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation
2012-01-27 05:03:41 . 2012-02-01 20:09:11 -------- d-----w- C:\Program Files\Google
2012-01-27 05:03:37 . 2012-02-05 00:19:09 -------- d-----w- C:\Program Files (x86)\Google
2012-01-27 04:59:20 . 2012-01-27 06:00:54 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games
2012-01-27 04:59:20 . 2012-01-27 05:59:11 -------- d-----w- C:\ProgramData\WildTangent
2012-01-27 04:55:35 . 2012-01-27 04:55:35 -------- d--h--w- C:\windows\msdownld.tmp
2012-01-27 04:54:13 . 2012-02-14 15:43:21 -------- d-----w- C:\ProgramData\Norton
2012-01-27 04:47:46 . 1999-10-13 02:47:00 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2012-01-27 04:47:46 . 1999-10-13 02:45:00 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2012-01-27 04:44:22 . 2011-02-09 03:07:00 38096 ----a-w- C:\windows\system32\drivers\PGEffect.sys
2012-01-27 04:41:02 . 2006-03-23 22:44:30 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2012-01-27 04:41:02 . 2005-04-16 04:58:18 1351392 ----a-w- C:\windows\SysWow64\COMCTL32.OCX
2012-01-27 04:41:02 . 2004-03-10 00:00:00 152848 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2012-01-27 04:41:02 . 2004-03-10 00:00:00 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx
2012-01-27 04:41:01 . 2009-07-07 17:51:42 9216 ----a-w- C:\windows\system32\drivers\FwLnk.sys
2012-01-27 04:41:00 . 2003-11-11 02:14:46 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-01-27 04:41:00 . 2003-11-11 02:13:28 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-01-27 04:41:00 . 2003-11-11 02:12:42 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-01-27 04:41:00 . 2003-11-11 02:12:12 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-01-27 04:41:00 . 2003-11-11 02:11:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-01-27 04:39:59 . 2007-01-24 23:27:46 393576 ----a-w- C:\windows\system32\xactengine2_6.dll
2012-01-27 04:35:13 . 2011-01-05 09:08:58 1109096 ----a-w- C:\windows\system32\drivers\rtl8192ce.sys
2012-01-27 04:35:13 . 2010-12-23 00:24:00 626792 ----a-w- C:\windows\system32\drivers\rtl819xp.sys
2012-01-27 04:35:13 . 2010-12-18 00:04:28 1221224 ----a-w- C:\windows\system32\drivers\rtl8192se.sys
2012-01-27 04:35:13 . 2010-04-01 22:01:10 442368 ----a-w- C:\windows\system32\drivers\rtl8187Se.sys
2012-01-27 04:35:13 . 2010-03-31 19:10:18 450048 ----a-w- C:\windows\system32\drivers\rtl8187B.sys
2012-01-27 04:35:11 . 2012-01-27 04:35:59 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2012-01-27 04:35:11 . 2010-12-01 17:31:18 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe
2012-01-27 04:34:17 . 2012-01-27 04:34:17 -------- d-----w- C:\Program Files\Elantech
2012-01-27 04:33:18 . 2012-01-27 04:33:18 -------- d-----w- C:\windows\SysWow64\sda
2012-01-27 04:33:06 . 2010-10-08 19:49:08 243712 ----a-w- C:\windows\system32\drivers\RtsUStor.sys
2012-01-27 04:33:05 . 2012-01-27 04:33:05 -------- d-----w- C:\Program Files (x86)\Realtek
2012-01-27 04:33:05 . 2010-10-08 19:49:08 9112168 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2012-01-27 04:33:05 . 2010-10-08 19:49:08 422504 ----a-w- C:\windows\system32\RtsUStor.dll
2012-01-27 04:31:27 . 2012-01-27 04:31:27 13 --sh--r- C:\windows\system32\drivers\fbd.sys
2012-01-27 04:30:21 . 2012-01-27 04:30:29 -------- d-----w- C:\Program Files\CONEXANT
2012-01-27 04:29:18 . 2012-02-18 22:18:39 -------- d-----w- C:\Users\JD
2012-01-27 04:28:57 . 2012-01-27 04:28:57 -------- d-----w- C:\ProgramData\ATI
2012-01-27 04:28:35 . 2012-01-27 04:28:35 0 ----a-w- C:\windows\ativpsrm.bin
2012-01-27 04:27:25 . 2012-01-27 04:27:25 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-01-27 04:27:25 . 2012-01-27 04:27:25 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 18:14:42 5487488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 23:22:12 421736]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 05:25:58 59240]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\MalwareBAM\mbamgui.exe" [2012-01-13 20:53:18 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 19:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576]
R2 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [x]
R3 mbamchameleon;mbamchameleon;C:\windows\system32\drivers\mbamchameleon.sys [x]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
R4 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2010-07-05 12:37:08 11776]
R4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 18:59:02 51576]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 00:44:48 137560]
S0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-01-21 08:27:16 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120217.003\IDSvia64.sys [2012-02-02 22:11:24 488568]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672]
S2 Dokan;Dokan;C:\windows\system32\drivers\dokan.sys [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\MalwareBAM\mbamservice.exe [2012-01-13 20:53:18 652360]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 02:17:50 138248]
S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 08:16:47 138360]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;C:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22:31:34 24376]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 00:45:06 709976]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 21:07:22 316032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = C:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\xdbj7fhc.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosReelTimeMonitor - C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-SmoothView - C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-SmartFaceVWatcher - C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-ETDCtrl - C:\Program Files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - C:\Program Files (x86)\iExplorer\unins000.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

**************************************************************************

Completion time: 2012-02-20 20:51:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 02:51:02

Pre-Run: 239,089,135,616 bytes free
Post-Run: 240,601,554,944 bytes free

- - End Of File - - 7BFA2CA2C81F133ADE03D62E627F55B3
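
A triage pass over the "Files Created" listing in the ComboFix log above, as an added example that is not part of the thread or of ComboFix. The attribute-letter reading (d, s, h, r) and the two review rules are assumptions made for illustration; a hit marks an entry for manual review and is not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Lines copied from the "Files Created" section of the log posted above.
SAMPLE = r"""
2012-02-18 14:07:20 . 2012-02-18 14:07:20 -------- d-sh--w- C:\windows\SysWow64\JD
2012-02-18 10:25:47 . 2012-02-18 10:25:47 -------- d-sh--w- C:\windows\system32\JD
2012-02-16 07:27:29 . 2012-02-16 07:27:29 29808 ----a-w- C:\windows\system32\drivers\mbamchameleon.sys
2012-02-16 02:03:48 . 2012-02-16 02:03:48 -------- d-----w- C:\Program Files (x86)\VOWSoft iPod Software
2012-01-27 07:10:14 . 2012-01-27 07:10:14 -------- dc----w- C:\windows\system32\DRVSTORE
2012-01-27 04:31:27 . 2012-01-27 04:31:27 13 --sh--r- C:\windows\system32\drivers\fbd.sys
2012-01-27 04:28:35 . 2012-01-27 04:28:35 0 ----a-w- C:\windows\ativpsrm.bin
"""

# Layout: created . modified  size-or-dashes  attribute-string  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>[A-Za-z]:\\.*)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"
# IMAGE_DOS_HEADER is 64 bytes, so anything shorter cannot be a PE driver image.
MIN_PE_SIZE = 64


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None where the log prints dashes (directories)
    attrs: str
    path: str

    def has(self, flag: str) -> bool:
        # Assumption: a letter anywhere in the attribute string means the
        # attribute is set (d=directory, s=system, h=hidden, r=read-only).
        return flag in self.attrs


def parse_listing(text: str) -> List[Entry]:
    """Turn listing lines into records; anything else in the log is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, other log sections
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], TS_FORMAT),
            modified=datetime.strptime(m["modified"], TS_FORMAT),
            size=size, attrs=m["attrs"], path=m["path"]))
    return entries


def review_candidates(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries matching the illustrative rules."""
    out = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        # Rule 1 (assumption): hidden+system items inside the Windows tree.
        if e.has("s") and e.has("h") and "\\windows\\" in low:
            reasons.append("hidden+system item under the Windows directory")
        # Rule 2 (assumption): a .sys under drivers too small to be a PE file.
        if (low.endswith(".sys") and "\\drivers\\" in low
                and e.size is not None and e.size < MIN_PE_SIZE):
            reasons.append("driver file smaller than a PE DOS header")
        if reasons:
            out.append((e.path, reasons))
    return out


if __name__ == "__main__":
    for path, reasons in review_candidates(parse_listing(SAMPLE)):
        print(path, "->", "; ".join(reasons))
```
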

#10 sempai

  • Malware Response Team

Posted 20 February 2012 - 11:03 PM

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp



#11 JudgeGoodwin

  • Topic Starter

Posted 24 February 2012 - 11:33 PM

Semp- I have had trouble with my internet connection ever since I ran ComboFix. I am working on the ESET scan, but being an online scanner, I'm having a hard time completing it. I'm trying...

#12 sempai

  • Malware Response Team

Posted 25 February 2012 - 03:19 AM

OK please hold with ESET for now. We need to run another scan/tool so we can understand the situation much better.


For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

~Semp



#13 sempai

  • Malware Response Team

Posted 29 February 2012 - 01:53 AM

Are you still with me?

~Semp



#14 sempai

  • Malware Response Team

Posted 01 March 2012 - 09:44 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp
