Google Redirect Rootkit trojan


This topic is locked
17 replies to this topic

#1 kpryde

  • Members
  • 12 posts

Posted 25 March 2012 - 03:28 PM

Hello there, I was directed to come here after initially posting in the "I'm infected, and I don't know what to do" forum. After running some tests and providing some logs, someone wonderful was able to tell me that I have a "ZeroAccess rootkit infection".

My original post can be found here: http://www.bleepingcomputer.com/forums/topic447363.html/page__gopid__2642204#entry2642204

I have a Sony VAIO with a Windows 7 64-bit OS.

I have followed the steps and have a DDS log all set and ready to go.

Thank you to everyone on this site in advance for all your help so far. It is certainly a relief to know that there are people out there willing to help the stressed and clueless.


DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by Jess at 16:15:06 on 2012-03-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5998.3700 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Users\Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\Jess\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Octoshape Streaming Services] "C:\Users\Jess\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Jess\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{172F2F57-9B13-4095-8ADB-7D63B1ADE604} : DhcpNameServer = 10.100.22.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\16474777966696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\244584572633D235743543 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\244584572633D235743543 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\35455465540274F4F444245525E4723702E4564777F627B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\35455465540274F4F444245525E4723702E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\7496C6D6F65727370284F6D6560275962756C656373702C416E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\7496C6D6F65727370284F6D6560275962756C656373702C416E6 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\940786F6E656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\940786F6E656 : DhcpNameServer = 88.82.13.60 88.82.13.60
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\hjg0p76j.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jess\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jess\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jess\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Jess\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110603.003\IDSviA64.sys [2011-6-4 476792]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-10 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-31 130008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-4-28 252416]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-5-13 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-5-13 487280]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-4-28 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-28 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-4-28 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-17 1127032]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-16 136176]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-16 136176]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-25 19:58:15 -------- d-----w- C:\Users\Jess\AppData\Local\{4E02863F-6E91-4F09-9E70-7447FD1B584A}
2012-03-25 19:58:03 -------- d-----w- C:\Users\Jess\AppData\Local\{D86ABA1C-B19B-4612-8EA3-D1973870B0F5}
2012-03-25 03:31:21 -------- d-----w- C:\Users\Jess\AppData\Local\{E09633E6-96F6-4C5D-BC47-335F68AB56F4}
2012-03-25 03:30:37 -------- d-----w- C:\Users\Jess\AppData\Local\{A88CF67D-D2BB-4428-AC7A-D854F5BEACB8}
2012-03-23 20:55:10 -------- d-----w- C:\Users\Jess\AppData\Local\{D4498E94-7DB7-4FAA-8024-8F4A140E5BD3}
2012-03-23 20:54:18 -------- d-----w- C:\Users\Jess\AppData\Local\{77B9F43D-FE15-484F-B2BE-B5BF9E451133}
2012-03-23 19:38:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-23 19:38:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 19:34:50 -------- d-----w- C:\Users\Jess\AppData\Local\{75AD5456-EA35-436D-A0CD-75661AA18B29}
2012-03-23 19:34:33 -------- d-----w- C:\Users\Jess\AppData\Local\{0EF5D376-3669-4CE0-9A0B-3725004EA908}
2012-03-23 19:10:40 -------- d-----w- C:\Users\Jess\AppData\Local\{8E49D6F3-2818-465D-BCB2-324F8FC495C6}
2012-03-23 00:05:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 20:45:14 -------- d-----w- C:\Users\Jess\AppData\Local\{CBCC10AA-540D-477A-ACDE-AF96707F03BB}
2012-03-22 20:44:52 -------- d-----w- C:\Users\Jess\AppData\Local\{9E7E71A0-4525-4411-8DD6-12B8342CF82E}
2012-03-22 20:33:50 -------- d-----w- C:\Users\Jess\AppData\Local\{977A7AC0-2C9D-4C59-84E3-7145FCD71D67}
2012-03-22 20:33:36 -------- d-----w- C:\Users\Jess\AppData\Local\{F8D07C84-9EE6-45A3-A3E2-0D66F09BB91B}
2012-03-22 20:29:34 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-22 20:29:19 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-22 20:18:01 -------- d-----w- C:\Users\Jess\AppData\Local\{AAC3B2F1-96FE-4933-BBEE-2F78BD350EAF}
2012-03-22 20:17:35 -------- d-----w- C:\Users\Jess\AppData\Local\{2A2AD64B-51FB-4559-8580-B9C28B86F617}
2012-03-22 18:13:25 -------- d-----w- C:\Users\Jess\AppData\Local\{6487597D-00A6-417D-8A81-B30936ECCC10}
2012-03-22 18:13:15 -------- d-----w- C:\Users\Jess\AppData\Local\{A73CE846-BB76-4DE3-9FBB-144D93A3E45B}
2012-03-22 05:38:04 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{49DF1048-3DC2-4639-A5B1-041D5197EA75}
2012-03-22 05:38:04 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{517BDDFB-3939-4AB2-BFE7-2D0F760965D2}
2012-03-22 05:38:02 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{13C19F27-E43F-4D83-82E9-6287EE449298}
2012-03-22 05:03:54 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B85959C8-DAD6-4242-B37C-69FD515BDA1C}
2012-03-22 05:03:53 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{9CDC341F-3D83-49AA-AC8E-C4E3874C1E29}
2012-03-22 05:03:52 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D3A9C732-0F7B-468A-9C7E-FDEA76B86B86}
2012-03-22 03:53:00 -------- d-----w- C:\Users\Jess\AppData\Local\{5239B27F-372E-4269-B80F-6749714B3B79}
2012-03-22 03:52:49 -------- d-----w- C:\Users\Jess\AppData\Local\{18844805-F8CB-4A61-B0CF-8E72322B94EF}
2012-03-21 23:59:40 -------- d-----w- C:\Users\Jess\AppData\Local\{31163838-F431-4D3C-BA10-BEA567225508}
2012-03-21 23:58:52 -------- d-----w- C:\Users\Jess\AppData\Local\{EBE1FB86-B595-4D47-8CCD-89C6F4298445}
2012-03-21 22:10:27 -------- d-----w- C:\Users\Jess\AppData\Local\{16DD8B70-1390-40BF-BF1D-9AA7B5D58F64}
2012-03-21 22:09:48 -------- d-----w- C:\Users\Jess\AppData\Local\{84320C84-7810-420C-8728-AF076AA64CDA}
2012-03-21 19:51:23 -------- d-----w- C:\Users\Jess\AppData\Local\{4C67D449-34D5-4C4B-885E-23FAEBA667EE}
2012-03-21 19:51:13 -------- d-----w- C:\Users\Jess\AppData\Local\{A7FEA023-D3F3-4E21-8EE8-4717E423C65D}
2012-03-21 18:55:47 -------- d-----w- C:\Users\Jess\AppData\Roaming\Malwarebytes
2012-03-21 18:55:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 18:43:02 -------- d-----w- C:\Users\Jess\AppData\Local\{5951AF5E-6EC9-4DD6-81DC-2BFF73F46416}
2012-03-21 18:42:46 -------- d-----w- C:\Users\Jess\AppData\Local\{5F2A24F9-E9BD-42CE-B384-11E816CBA632}
2012-03-21 18:34:25 -------- d-----w- C:\Users\Jess\AppData\Local\{55EED264-BCE8-4F08-A5AD-FEE39B2C5BC3}
2012-03-21 18:34:15 -------- d-----w- C:\Users\Jess\AppData\Local\{C7D3865A-00C1-4C6F-ABF0-068F265BD187}
2012-03-21 16:36:38 -------- d-----w- C:\Users\Jess\AppData\Local\ElevatedDiagnostics
2012-03-21 14:46:33 -------- d-----w- C:\Users\Jess\AppData\Local\{3123F7B8-DBA8-4768-8F53-33652A188EAF}
2012-03-21 14:46:26 -------- d-----w- C:\Users\Jess\AppData\Roaming\Tific
2012-03-21 14:46:23 -------- d-----w- C:\Users\Jess\AppData\Local\{26B29F72-9CDD-4FAB-A905-F5655FBBFCE1}
2012-03-21 14:46:17 -------- d-----w- C:\Users\Jess\AppData\Local\Symantec
2012-03-21 03:31:31 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-21 03:30:25 -------- d-----we C:\Windows\system64
2012-03-20 18:25:00 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{074FED03-6178-4171-8567-5ECABCC4F671}\mpengine.dll
2012-03-20 18:10:46 -------- d-----w- C:\Users\Jess\AppData\Local\{94F95918-FEA3-4D26-A426-7F0640CFE758}
2012-03-20 18:10:35 -------- d-----w- C:\Users\Jess\AppData\Local\{0DEB721F-E717-4D95-9BCA-3685F6D31FEE}
2012-03-19 21:27:12 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{9B25665C-7F4C-4A0A-B0C6-B6A4810C1E90}
2012-03-19 21:27:10 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{F020A976-7D5E-4A3E-99E9-

10AAB98CA80E}
2012-03-19 21:27:10 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{16514762-27BF-42CB-8B70-

A867DD7E9FEA}
2012-03-19 21:27:09 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{38E29FCE-F6B5-4734-8D93-

D7435DA98550}
2012-03-19 21:27:09 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B0C939AD-D295-4EB2-ACBC-

B81D07B99FF6}
2012-03-19 21:27:09 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{50412389-01B2-4CE2-A88F-

DC910C5C2B91}
2012-03-19 18:27:05 -------- d-----w- C:\Users\Jess\AppData

\Local\{D28AA34D-65D9-4095-9550-541B49100372}
2012-03-19 18:26:54 -------- d-----w- C:\Users\Jess\AppData

\Local\{0EFE3E83-E2B3-4CDC-AFF8-EB4860E29EE7}
2012-03-19 14:42:28 -------- d-----w- C:\Users\Jess\AppData

\Local\{806FBADA-4B50-4216-8626-76AAF3F33DB8}
2012-03-19 14:42:17 -------- d-----w- C:\Users\Jess\AppData

\Local\{A9E25445-6A9A-49E3-A114-E382F1247509}
2012-03-19 04:58:44 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{9F94A697-5516-44EC-83F2-

B6AA8B321C78}
2012-03-19 04:58:42 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{27383FAA-1369-4093-BDF9-

48A82713D089}
2012-03-19 04:58:40 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{96D342A6-5B72-403D-B311-

521590D1C543}
2012-03-19 04:58:40 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{36200DF9-F186-472E-A455-

DA0633BA867B}
2012-03-19 04:58:40 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{2F44D7F9-4D60-4254-8D16-

7867EF8AF5BF}
2012-03-19 04:58:40 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{893D1FAA-3DF5-4219-A674-

AEBBFBC75EFA}
2012-03-19 04:58:39 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C1D4CD83-7E1D-4EB6-8CB1-

4C131B12BBA5}
2012-03-19 04:58:39 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4B4CE1FC-E4B2-4F54-A678-

83F695089E4B}
2012-03-19 04:58:38 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{EDB3F7F6-792F-4FA2-9BA6-

504AC0AFCB04}
2012-03-18 20:01:15 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{422DB86B-E4F2-42EB-ACB5-

9B640A33EC21}
2012-03-18 20:01:14 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{3BE5EDD3-07B4-4F4C-83AB-

06E6B5FB4846}
2012-03-18 20:01:14 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{2CA68CB0-DF27-43AD-B59A-

203BDB4507AE}
2012-03-18 20:01:14 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{74044053-71D3-40A1-AB24-

E5BC56C6C9ED}
2012-03-18 20:01:14 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D7E4393A-7A34-4218-8E5B-

EB381C9AF8BF}
2012-03-18 20:01:07 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{802A3D0F-99B2-4595-8E2C-

DC5E8A5D3232}
2012-03-18 20:01:07 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{2222B901-9633-486D-98E2-

5858965528FD}
2012-03-18 20:00:27 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AF5CC9CD-DFF7-46D3-9956-

799955146EB9}
2012-03-18 20:00:27 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9B970D0E-1D7B-4869-9F9C-

6339DAB0D05A}
2012-03-18 19:57:01 -------- d-----w- C:\Users\Jess\AppData

\Local\{6C280007-550C-456F-9799-921C066A616D}
2012-03-18 19:56:49 -------- d-----w- C:\Users\Jess\AppData

\Local\{FE32F752-95FA-4D76-8785-7549599BC10F}
2012-03-17 16:21:45 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C925AF27-8A08-47E4-8C4C-

0B2BBC85A64F}
2012-03-17 16:21:45 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{ACF8DC37-F97A-4069-89C9-

F0988F667118}
2012-03-17 16:21:45 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{E1296FCA-DDB4-4EC2-98E8-

1CC6E9DD4408}
2012-03-17 16:21:44 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{36447849-051C-4AF0-80B5-

4B334F3C9799}
2012-03-17 16:21:44 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B50F675F-91FE-4E84-8857-

B34D77F4F05E}
2012-03-17 16:21:43 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D2DB0AFA-97ED-4A2E-AE99-

523F31AB5E7D}
2012-03-17 16:21:35 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9F7458D9-39E9-4207-959D-

FD870D3F3223}
2012-03-17 16:21:34 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{5AA0E879-9593-46A0-9649-

94C8026071AE}
2012-03-17 16:21:33 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{55BD262E-0DC5-4B2C-954E-

4561E42AA3B1}
2012-03-17 16:20:49 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7E416F0F-71A3-49F7-BF40-

8BEE750931B2}
2012-03-17 16:20:46 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{3A2DC000-7F46-4316-8C1D-

C84340EB28C0}
2012-03-17 16:20:45 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7DF171B7-CE40-441D-ACAF-

3F7FCD4B7224}
2012-03-17 16:20:35 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{0420E020-2D95-4854-AE57-

CA36A53CECEA}
2012-03-17 16:20:22 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{1829AED9-E64F-4CA2-94D3-

541920B14DF5}
2012-03-17 16:20:18 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A1A9AC93-F6AE-4E81-BA13-

B9029F98613D}
2012-03-17 16:20:15 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{B9D4A666-B389-407B-934F-

C1F15DBE770B}
2012-03-17 16:20:05 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B2DBC8F6-097B-46A0-AE30-

F9198BA67C4F}
2012-03-17 16:20:04 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{2FE4FD51-2619-445C-B8E9-

BA93C18AF633}
2012-03-17 16:17:42 -------- d-----w- C:\Users\Jess\AppData

\Local\{1D96B306-B36D-46C8-B76B-4F0FE58BA789}
2012-03-17 16:17:31 -------- d-----w- C:\Users\Jess\AppData

\Local\{C6B702D3-2223-477D-80D8-F43DDBD9A7DB}
2012-03-16 21:32:13 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7E381D76-3BC3-436D-83FD-

8D99BD4FA85F}
2012-03-16 21:32:05 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B6678824-2E12-46AD-B57B-

53BF94196C1B}
2012-03-16 21:32:04 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{6BF1C848-F702-4611-A232-

DF6528896AC2}
2012-03-16 18:26:33 -------- d-----w- C:\Users\Jess\AppData

\Local\{43692315-E895-4E21-A61F-426BC61C3CCA}
2012-03-16 18:25:54 -------- d-----w- C:\Users\Jess\AppData

\Local\{9D0EF8C4-9B05-4F19-BBEF-208ABE3BE498}
2012-03-15 18:26:19 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B61170AE-1B9E-4F55-9CC6-

6803AA9A26F0}
2012-03-15 18:26:19 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{1B7FC800-E533-447A-BF68-

9954C4A03CD0}
2012-03-15 18:26:16 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7847F022-A90F-4C6E-A711-

335238196DFC}
2012-03-15 18:26:07 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{6A860682-547B-4B27-8772-

279236395743}
2012-03-15 18:26:07 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{64A1A5C9-66CA-407E-833D-

C905AC385CE9}
2012-03-15 18:26:06 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5A5EA0C6-1E8D-41C4-877F-

C22C14CEBDB3}
2012-03-15 18:23:33 -------- d-----w- C:\Users\Jess\AppData

\Local\{11BD78E8-9372-4D0C-921B-A0BE5D85934B}
2012-03-14 19:04:09 -------- d-----w- C:\Users\Jess\AppData

\Local\{8C0E8623-989E-4660-94EE-28CD200A9D8B}
2012-03-14 19:03:44 -------- d-----w- C:\Users\Jess\AppData

\Local\{48C9028D-CA36-46D6-AAED-9D63F0AEAFA1}
2012-03-14 05:53:12 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 05:53:12 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:53:12 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 23:27:13 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 23:27:10 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-13 23:27:10 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-13 23:27:10 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-13 23:27:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 23:27:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-13 23:27:09 320512 ----a-w- C:\Windows

\System32\d3d10_1core.dll
2012-03-13 23:27:09 218624 ----a-w- C:\Windows

\SysWow64\d3d10_1core.dll
2012-03-13 23:27:09 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-13 23:27:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-13 23:27:09 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:32:45 -------- d-----w- C:\Windows\SysWow64\spool
2012-03-13 19:04:53 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:04:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:04:52 23552 ----a-w- C:\Windows\System32\drivers

\tdtcp.sys
2012-03-13 19:04:52 204800 ----a-w- C:\Windows\System32\drivers

\rdpwd.sys
2012-03-13 19:03:53 9216 ----a-w- C:\Windows

\System32\rdrmemptylst.exe
2012-03-13 19:03:53 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:03:53 149504 ----a-w- C:\Windows

\System32\rdpcorekmts.dll
2012-03-13 18:57:24 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{2FC6B1D9-6019-468B-BC07-

36EF72D7CC01}
2012-03-13 18:57:20 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{C8F35C34-80C8-47F7-B3DE-

04E13E3A0D89}
2012-03-13 18:57:20 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{67448DE9-FF5F-4935-A753-

0C3561ADA53C}
2012-03-13 18:56:00 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{45DAF0AA-767A-4041-ACF2-

3E4B4C09BDFE}
2012-03-13 18:55:59 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{98E6AF83-29FC-4F1C-89BF-

F936CA6B422C}
2012-03-13 18:55:56 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3E06D39A-91B3-4FD6-945A-

78DBA1CF6D03}
2012-03-13 18:55:54 -------- d-----w- C:\Users\Jess\AppData

\Local\{0CC8093E-8241-44C7-B4ED-C6B1D5239EFF}
2012-03-13 18:53:32 -------- d-----w- C:\Users\Jess\AppData

\Local\{8BF2CBCC-42AD-4150-A0E1-A41C2DDDEB10}
2012-03-12 18:34:09 -------- d-----w- C:\Users\Jess\AppData

\Local\{3F29EEA6-D4B0-4018-A433-278AF22E4476}
2012-03-12 15:36:47 -------- d-----w- C:\Users\Jess\AppData

\Local\{901F7E1B-715A-495B-94E6-D61938BE4D20}
2012-03-11 20:54:02 -------- d-----w- C:\Users\Jess\AppData

\Local\{770666E7-C498-464F-B7F5-8F96F7B5AF7B}
2012-03-11 20:52:45 -------- d-----w- C:\Users\Jess\AppData

\Local\{32D997BA-DE69-48C8-8D03-01F617DC0651}
2012-03-11 05:20:09 -------- d-----w- C:\Users\Jess\AppData

\Local\{8F654F31-7DA9-4BA9-B2A9-94965862F4E6}
2012-03-11 05:19:35 -------- d-----w- C:\Users\Jess\AppData

\Local\{FFA6E7D8-F729-4DB1-B402-CDC3A6F6167F}
2012-03-10 18:21:54 -------- d-----w- C:\Users\Jess\AppData

\Local\{935FC14E-DDB6-4DB4-B2F5-2143E1D82BA6}
2012-03-10 18:21:30 -------- d-----w- C:\Users\Jess\AppData

\Local\{FB102592-CA72-48BE-AC5E-94E8C189005B}
2012-03-10 05:08:59 -------- d-----w- C:\Users\Jess\AppData

\Local\{4158FEAA-0889-4E69-8895-5C8D6779FFA4}
2012-03-10 05:08:46 -------- d-----w- C:\Users\Jess\AppData

\Local\{A310F170-C58A-45C3-991B-831C91861623}
2012-03-09 16:57:06 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{E6622C31-A00B-4C1B-9765-

5FA225B585F8}
2012-03-09 16:57:06 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{1ECC504F-1A4D-421D-AF99-

809E580B538D}
2012-03-09 16:57:04 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8E4B6420-ED6F-4211-9F82-

C2228D96AFB7}
2012-03-09 16:51:01 -------- d-----w- C:\Users\Jess\AppData

\Local\{A126CE33-0772-4CBB-9C43-DB28C66FD27C}
2012-03-08 19:29:42 -------- d-----w- C:\Users\Jess\AppData

\Local\{68E3A21A-7593-42D9-BF45-994F8AA09D6E}
2012-03-08 19:29:31 -------- d-----w- C:\Users\Jess\AppData

\Local\{A502B832-406B-4232-90F7-7893ADFCEF55}
2012-03-08 16:26:45 -------- d-----w- C:\Users\Jess\AppData

\Local\{9796CB40-6948-41C4-9AD2-CCB8DAADAA9A}
2012-03-08 16:26:35 -------- d-----w- C:\Users\Jess\AppData

\Local\{C4A0CCDE-4335-4993-BA74-87E8B2FA7F0E}
2012-03-07 19:12:05 -------- d-----w- C:\Users\Jess\AppData

\Local\{1C421265-733A-4BD8-BB24-E7BFE9913DEB}
2012-03-07 19:11:54 -------- d-----w- C:\Users\Jess\AppData

\Local\{333BD13E-42E6-4CCA-A2FE-584F51946472}
2012-03-07 16:42:36 -------- d-----w- C:\Users\Jess\AppData

\Local\{992361CC-4610-411E-A97C-73887CDB7B68}
2012-03-07 16:42:26 -------- d-----w- C:\Users\Jess\AppData

\Local\{3C5C7B55-19F9-4CD5-A568-228B0E3305A4}
2012-03-07 16:16:03 -------- d-----w- C:\Users\Jess\AppData

\Local\{96CFF67C-7287-41D1-ADE0-BD8189484DAD}
2012-03-07 14:21:23 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{194DC1F1-1131-4C55-972E-

D785CBBBB073}
2012-03-07 14:21:22 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{8987C8D4-EC41-4B14-BF36-

A7B14B35ECEE}
2012-03-07 14:21:21 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4A32EC74-061E-4846-A6E0-

22A4214D14EB}
2012-03-07 14:21:03 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{88696FC5-32A2-480B-9AB2-

18534BEDE4DA}
2012-03-07 14:21:03 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{644379F1-3E15-47C2-8B0A-

D4B7291630A9}
2012-03-07 14:21:03 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{97BE8A04-EB80-4A6C-822F-

8BCC1153BBE0}
2012-03-07 14:21:03 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{2B30CA5B-C9B6-4942-9443-

49B1B66AE441}
2012-03-07 14:21:01 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{ECDC5A39-9E4A-4304-AF52-

7CE51842CFEE}
2012-03-07 14:21:01 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E527A6C7-3743-4E8C-8796-

1FF3772BE4A0}
2012-03-07 14:17:03 -------- d-----w- C:\Users\Jess\AppData

\Local\{3874FDB0-228A-4DC4-8D5C-065993322E9A}
2012-03-07 14:16:53 -------- d-----w- C:\Users\Jess\AppData

\Local\{93E0FA19-8210-4F5D-AE81-8FBBD3979BF4}
2012-03-07 03:54:43 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{AC07EE1E-AAA3-45E3-A72D-

606F9ABAED80}
2012-03-07 03:54:43 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{9BFB522F-8F82-48A5-BF37-

522500EDF00D}
2012-03-07 03:54:36 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{184CDC1D-568A-4462-986D-

752AE66A6CAC}
2012-03-07 03:53:48 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{948B53FB-DE04-4495-A02E-

ADA633B9B805}
2012-03-07 03:53:15 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{FF4645E4-55E8-42D1-918C-

C29944D75E7C}
2012-03-07 03:52:58 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{35114B93-3F4A-42F5-B336-

5CD4F84D4AC4}
2012-03-07 03:50:37 -------- d-----w- C:\Users\Jess\AppData

\Local\{8380A96B-6666-4044-BEAD-74B83BE64E11}
2012-03-07 03:50:27 -------- d-----w- C:\Users\Jess\AppData

\Local\{5CB43A45-DC53-4954-94CA-02438C78FE00}
2012-03-06 21:34:44 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7D7E38E3-24F6-4212-B4AD-

C475A4F102A0}
2012-03-06 21:34:44 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{666F25E5-8DB9-4E2F-9977-

50BBA47B52D9}
2012-03-06 21:34:44 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C656F101-DA75-4563-B9D5-

C64EECA848B0}
2012-03-06 21:34:44 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5773DF48-808A-48F1-8E79-

7FEDD9649F94}
2012-03-06 14:38:57 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{DA25A596-1160-4758-B018-

911D9BF42646}
2012-03-06 14:38:57 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{BD8411D8-81EC-4E77-A0DA-

DBBBCBD562D6}
2012-03-06 14:38:55 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3CD328BB-6222-401F-90EF-

67AC983A041F}
2012-03-06 14:35:42 -------- d-----w- C:\Users\Jess\AppData

\Local\{A4C5ED1D-8C22-4B0E-97CC-6CF2901B4FBF}
2012-03-06 14:35:32 -------- d-----w- C:\Users\Jess\AppData

\Local\{31588B78-4184-467C-A889-3AD16DC92FD5}
2012-03-05 21:40:48 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{201A8701-ECCD-43CE-B7FB-

FA94F62B4815}
2012-03-05 21:40:46 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{FC13FD9F-F3D6-43DD-A404-

845F9530FC0A}
2012-03-05 21:40:46 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C015F77B-7453-46E6-8646-

E36C4D628DC2}
2012-03-05 16:24:30 -------- d-----w- C:\Users\Jess\AppData

\Local\{9A800431-F29C-4D03-A78E-32A8E23D90C4}
2012-03-05 04:29:45 -------- d-----w- C:\Program Files

(x86)\TunnelBear
2012-03-04 19:47:05 -------- d-----w- C:\Users\Jess\AppData

\Local\{2AA4AC81-61B9-4E53-99DB-3BCEF54E981F}
2012-03-04 19:46:43 -------- d-----w- C:\Users\Jess\AppData

\Local\{5EE88AED-A2E2-4130-A05D-A301801DCC7B}
2012-03-03 16:43:08 -------- d-----w- C:\Users\Jess\AppData

\Local\{DBBE53A0-F908-4876-B350-1CC407E70412}
2012-03-03 16:42:57 -------- d-----w- C:\Users\Jess\AppData

\Local\{98B6DF76-ADA8-4188-9ECD-8A532000DC6F}
2012-03-03 10:48:05 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{FFE05882-6DA9-42A4-8047-

55CEDFE95AE8}
2012-03-03 10:48:05 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{CA4C4C09-A2F7-4B35-A497-

2E13E08EFA6E}
2012-03-03 10:48:03 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7EF48426-7D22-41CF-8AF1-

D4F5C0BDF433}
2012-03-03 10:48:02 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B2BD33AC-F7DE-4533-AB8A-

FFC6486830FA}
2012-03-03 10:48:02 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{96B97420-F13C-4AC1-A39B-

EB4552A7709E}
2012-03-03 10:48:01 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{D5CFF127-FD2E-439C-9174-

E48E03E356CE}
2012-03-03 10:48:00 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{F62AECC1-A61E-405C-B4CB-

3363BE0D0068}
2012-03-03 10:48:00 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{40E7C023-B26D-4061-823E-

818F09D493B9}
2012-03-03 10:48:00 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{02738692-B79D-45FF-826A-

A693CD951389}
2012-03-03 10:26:52 -------- d-----w- C:\Users\Jess\AppData

\Local\{C1898870-275E-4F2C-95DA-60E61A6EB8A2}
2012-03-03 10:26:00 -------- d-----w- C:\Users\Jess\AppData

\Local\{F1EAD473-F3AF-43C8-9176-503B989540B4}
2012-03-03 04:18:03 -------- d-----w- C:\Users\Jess\AppData

\Local\{04FBFE80-9444-42D7-B749-ACB2FF729371}
2012-03-03 04:17:53 -------- d-----w- C:\Users\Jess\AppData

\Local\{57B7DEF8-34E4-442B-8ABF-7D5A1B90ED17}
2012-03-02 16:01:40 -------- d-----w- C:\Users\Jess\AppData

\Local\{CE1C7E4F-3907-4336-B4AB-F5A5C079F843}
2012-03-02 15:59:28 -------- d-----w- C:\Users\Jess\AppData

\Local\{B9EA9E5A-5456-46D7-B0FC-BB97EEE417AA}
2012-03-02 09:40:18 -------- d-----w- C:\Users\Jess\AppData

\Local\{F4347332-D0E7-4F12-A747-5363B97B7C1B}
2012-03-02 09:40:08 -------- d-----w- C:\Users\Jess\AppData

\Local\{3EC98513-9360-490C-A319-475F912F7073}
2012-03-01 09:39:09 -------- d-----w- C:\Users\Jess\AppData

\Local\{49453245-FC74-490A-827F-3AC1A6924A70}
2012-03-01 09:38:59 -------- d-----w- C:\Users\Jess\AppData

\Local\{4CF3E3CB-E686-43C3-94BA-4F860065F34D}
2012-02-29 23:56:35 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7224783D-00AC-42DF-BCF3-

84EAE1709F5D}
2012-02-29 23:56:32 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{DC2FDB53-BF4E-4B85-855D-

1033BCD35293}
2012-02-29 23:56:32 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7D30B863-84EA-46EA-BC43-

1B8BA261E9D5}
2012-02-29 23:11:58 -------- d-----w- C:\Users\Jess\AppData

\Local\{3BD0231D-714D-489D-B6F6-2E6F261D95E8}
2012-02-29 23:11:46 -------- d-----w- C:\Users\Jess\AppData

\Local\{1769EA76-D1A4-441F-B138-147109BDC741}
2012-02-29 17:13:52 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{D50B359F-EEA3-438E-9813-

FA18FD4D75D9}
2012-02-29 17:13:51 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{38D78037-752D-41A6-A812-

B6436BCF1BCA}
2012-02-29 17:13:50 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4378352A-46DB-4F1A-A7FC-

D047E820C451}
2012-02-29 17:12:57 -------- d-----w- C:\Windows

\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{D0FE8B6D-4121-4610-987E-

13C6F63FFCF2}
2012-02-29 17:12:55 -------- d-----w- C:\Windows

\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{FAF58420-9B4E-4304-A90D-

2A37589A4737}
2012-02-29 17:12:54 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{73D942DA-B541-4EE6-9300-

AD3EAAC20D26}
2012-02-29 15:23:50 -------- d-----w- C:\Users\Jess\AppData

\Local\{6AB8EB5B-9EE5-44E7-8848-EFD90CA6A9CB}
2012-02-29 15:23:40 -------- d-----w- C:\Users\Jess\AppData

\Local\{48AD6D8E-7335-4E56-87DA-810B90E048BF}
2012-02-28 22:51:05 -------- d-----w- C:\Users\Jess\AppData

\Local\{3C820D80-25D2-4EE8-8307-949407FECA54}
2012-02-28 22:50:55 -------- d-----w- C:\Users\Jess\AppData

\Local\{CC350AC1-745D-462A-95B8-5EA3A31B615F}
2012-02-27 22:13:25 -------- d-----w- C:\Users\Jess\AppData

\Local\{43F82235-DB49-428C-9A3F-2C162778D482}
2012-02-27 22:13:14 -------- d-----w- C:\Users\Jess\AppData

\Local\{7AD257C8-D001-47D1-A86F-114C89E0CBF5}
2012-02-26 22:17:39 -------- d-----w- C:\Users\Jess\AppData

\Local\{8C197855-8808-4CED-95FC-FFB61F7F4460}
2012-02-26 22:17:29 -------- d-----w- C:\Users\Jess\AppData

\Local\{0E0362D4-2332-455B-8E7E-6D5080FF35CD}
2012-02-25 17:14:34 -------- d-----w- C:\Users\Jess\AppData

\Local\{04B854E2-E5FF-4E70-A9B2-15202F753A64}
2012-02-24 23:59:31 -------- d-----w- C:\Users\Jess\AppData

\Local\{A38119C4-363F-4D8F-AF9C-D44C09EBFFF9}
2012-02-24 23:59:21 -------- d-----w- C:\Users\Jess\AppData

\Local\{C8EE16CD-C3BA-47D5-8FDF-8608CCCAA546}
2012-02-24 20:54:33 -------- d-----w- C:\Windows

\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{7CB7C727-ADCB-478F-8CEB-

2BA7D854837A}
2012-02-24 20:54:32 -------- d-----w- C:\Windows

\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{FA56F1D6-BF47-41D5-A560-

86EBA6AEDBFF}
2012-02-24 20:54:29 -------- d-----w- C:\Windows

\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{DBB132CF-A909-4618-8CC3-

11E88759E168}
.
==================== Find3M ====================
.
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers

\afd.sys
.
============= FINISH: 16:15:46.04 ===============

BC AdBot (Login to Remove)

 


#2 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 25 March 2012 - 04:10 PM

Good evening. :)

Open any Notepad file (*.txt), click on Format and ensure that Wordwrap is unchecked. If it isn't, uncheck it and then close the file. If you look at the DDS log you posted you can see that it has extra blank lines in it and this will correct that.

Next, will you post a fresh DDS log, which should be more readable, attach the second file that DDS creates, attach.txt, and also post the GMER log from the instructions Broni linked to here.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please take the time to read and follow all the instructions that are posted, as they are for your benefit and they reduce the time that this procedure will take.

So long, and thanks for all the fish.


#3 kpryde
  • Topic Starter
  • Members
  • 12 posts

Posted 25 March 2012 - 06:12 PM

Thank you very much for a speedy reply. Here are my correct DDS logs as well as the GMER log.

Regarding GMER, I originally skipped this step, as the tutorial suggested, as I had a 64-bit system. I wasn't able to check all the areas that were requested as the program was not letting me, so all I managed to check was services, registry and files.

C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Octoshape Streaming Services] "C:\Users\Jess\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Jess\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{172F2F57-9B13-4095-8ADB-7D63B1ADE604} : DhcpNameServer = 10.100.22.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\16474777966696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\244584572633D235743543 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\244584572633D235743543 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\35455465540274F4F444245525E4723702E4564777F627B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\35455465540274F4F444245525E4723702E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\7496C6D6F65727370284F6D6560275962756C656373702C416E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\7496C6D6F65727370284F6D6560275962756C656373702C416E6 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\940786F6E656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{198F0C01-C53B-4763-8787-736C4B97C334}\940786F6E656 : DhcpNameServer = 88.82.13.60 88.82.13.60
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\hjg0p76j.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jess\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jess\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jess\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Jess\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110603.003\IDSviA64.sys [2011-6-4 476792]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-10 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-31 130008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-4-28 252416]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-5-13 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-5-13 487280]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-4-28 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-28 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-4-28 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-17 1127032]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-16 136176]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-16 136176]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-25 19:58:15 -------- d-----w- C:\Users\Jess\AppData\Local\{4E02863F-6E91-4F09-9E70-7447FD1B584A}
2012-03-25 19:58:03 -------- d-----w- C:\Users\Jess\AppData\Local\{D86ABA1C-B19B-4612-8EA3-D1973870B0F5}
2012-03-25 03:31:21 -------- d-----w- C:\Users\Jess\AppData\Local\{E09633E6-96F6-4C5D-BC47-335F68AB56F4}
2012-03-25 03:30:37 -------- d-----w- C:\Users\Jess\AppData\Local\{A88CF67D-D2BB-4428-AC7A-D854F5BEACB8}
2012-03-23 20:55:10 -------- d-----w- C:\Users\Jess\AppData\Local\{D4498E94-7DB7-4FAA-8024-8F4A140E5BD3}
2012-03-23 20:54:18 -------- d-----w- C:\Users\Jess\AppData\Local\{77B9F43D-FE15-484F-B2BE-B5BF9E451133}
2012-03-23 19:38:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-23 19:38:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 19:34:50 -------- d-----w- C:\Users\Jess\AppData\Local\{75AD5456-EA35-436D-A0CD-75661AA18B29}
2012-03-23 19:34:33 -------- d-----w- C:\Users\Jess\AppData\Local\{0EF5D376-3669-4CE0-9A0B-3725004EA908}
2012-03-23 19:10:40 -------- d-----w- C:\Users\Jess\AppData\Local\{8E49D6F3-2818-465D-BCB2-324F8FC495C6}
2012-03-23 00:05:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 20:45:14 -------- d-----w- C:\Users\Jess\AppData\Local\{CBCC10AA-540D-477A-ACDE-AF96707F03BB}
2012-03-22 20:44:52 -------- d-----w- C:\Users\Jess\AppData\Local\{9E7E71A0-4525-4411-8DD6-12B8342CF82E}
2012-03-22 20:33:50 -------- d-----w- C:\Users\Jess\AppData\Local\{977A7AC0-2C9D-4C59-84E3-7145FCD71D67}
2012-03-22 20:33:36 -------- d-----w- C:\Users\Jess\AppData\Local\{F8D07C84-9EE6-45A3-A3E2-0D66F09BB91B}
2012-03-22 20:29:34 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-22 20:29:19 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-22 20:18:01 -------- d-----w- C:\Users\Jess\AppData\Local\{AAC3B2F1-96FE-4933-BBEE-2F78BD350EAF}
2012-03-22 20:17:35 -------- d-----w- C:\Users\Jess\AppData\Local\{2A2AD64B-51FB-4559-8580-B9C28B86F617}
2012-03-22 18:13:25 -------- d-----w- C:\Users\Jess\AppData\Local\{6487597D-00A6-417D-8A81-B30936ECCC10}
2012-03-22 18:13:15 -------- d-----w- C:\Users\Jess\AppData\Local\{A73CE846-BB76-4DE3-9FBB-144D93A3E45B}
2012-03-22 05:38:04 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{49DF1048-3DC2-4639-A5B1-041D5197EA75}
2012-03-22 05:38:04 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{517BDDFB-3939-4AB2-BFE7-2D0F760965D2}
2012-03-22 05:38:02 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{13C19F27-E43F-4D83-82E9-6287EE449298}
2012-03-22 05:03:54 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B85959C8-DAD6-4242-B37C-69FD515BDA1C}
2012-03-22 05:03:53 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{9CDC341F-3D83-49AA-AC8E-C4E3874C1E29}
2012-03-22 05:03:52 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D3A9C732-0F7B-468A-9C7E-FDEA76B86B86}
2012-03-22 03:53:00 -------- d-----w- C:\Users\Jess\AppData\Local\{5239B27F-372E-4269-B80F-6749714B3B79}
2012-03-22 03:52:49 -------- d-----w- C:\Users\Jess\AppData\Local\{18844805-F8CB-4A61-B0CF-8E72322B94EF}
2012-03-21 23:59:40 -------- d-----w- C:\Users\Jess\AppData\Local\{31163838-F431-4D3C-BA10-BEA567225508}
2012-03-21 23:58:52 -------- d-----w- C:\Users\Jess\AppData\Local\{EBE1FB86-B595-4D47-8CCD-89C6F4298445}
2012-03-21 22:10:27 -------- d-----w- C:\Users\Jess\AppData\Local\{16DD8B70-1390-40BF-BF1D-9AA7B5D58F64}
2012-03-21 22:09:48 -------- d-----w- C:\Users\Jess\AppData\Local\{84320C84-7810-420C-8728-AF076AA64CDA}
2012-03-21 19:51:23 -------- d-----w- C:\Users\Jess\AppData\Local\{4C67D449-34D5-4C4B-885E-23FAEBA667EE}
2012-03-21 19:51:13 -------- d-----w- C:\Users\Jess\AppData\Local\{A7FEA023-D3F3-4E21-8EE8-4717E423C65D}
2012-03-21 18:55:47 -------- d-----w- C:\Users\Jess\AppData\Roaming\Malwarebytes
2012-03-21 18:55:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 18:43:02 -------- d-----w- C:\Users\Jess\AppData\Local\{5951AF5E-6EC9-4DD6-81DC-2BFF73F46416}
2012-03-21 18:42:46 -------- d-----w- C:\Users\Jess\AppData\Local\{5F2A24F9-E9BD-42CE-B384-11E816CBA632}
2012-03-21 18:34:25 -------- d-----w- C:\Users\Jess\AppData\Local\{55EED264-BCE8-4F08-A5AD-FEE39B2C5BC3}
2012-03-21 18:34:15 -------- d-----w- C:\Users\Jess\AppData\Local\{C7D3865A-00C1-4C6F-ABF0-068F265BD187}
2012-03-21 16:36:38 -------- d-----w- C:\Users\Jess\AppData\Local\ElevatedDiagnostics
2012-03-21 14:46:33 -------- d-----w- C:\Users\Jess\AppData\Local\{3123F7B8-DBA8-4768-8F53-33652A188EAF}
2012-03-21 14:46:26 -------- d-----w- C:\Users\Jess\AppData\Roaming\Tific
2012-03-21 14:46:23 -------- d-----w- C:\Users\Jess\AppData\Local\{26B29F72-9CDD-4FAB-A905-F5655FBBFCE1}
2012-03-21 14:46:17 -------- d-----w- C:\Users\Jess\AppData\Local\Symantec
2012-03-21 03:31:31 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-21 03:30:25 -------- d-----we C:\Windows\system64
2012-03-20 18:25:00 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{074FED03-6178-4171-8567-5ECABCC4F671}\mpengine.dll
2012-03-20 18:10:46 -------- d-----w- C:\Users\Jess\AppData\Local\{94F95918-FEA3-4D26-A426-7F0640CFE758}
2012-03-20 18:10:35 -------- d-----w- C:\Users\Jess\AppData\Local\{0DEB721F-E717-4D95-9BCA-3685F6D31FEE}
2012-03-19 21:27:12 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{9B25665C-7F4C-4A0A-B0C6-B6A4810C1E90}
2012-03-19 21:27:10 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{F020A976-7D5E-4A3E-99E9-10AAB98CA80E}
2012-03-19 21:27:10 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{16514762-27BF-42CB-8B70-A867DD7E9FEA}
2012-03-19 21:27:09 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{38E29FCE-F6B5-4734-8D93-D7435DA98550}
2012-03-19 21:27:09 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B0C939AD-D295-4EB2-ACBC-B81D07B99FF6}
2012-03-19 21:27:09 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{50412389-01B2-4CE2-A88F-DC910C5C2B91}
2012-03-19 18:27:05 -------- d-----w- C:\Users\Jess\AppData\Local\{D28AA34D-65D9-4095-9550-541B49100372}
2012-03-19 18:26:54 -------- d-----w- C:\Users\Jess\AppData\Local\{0EFE3E83-E2B3-4CDC-AFF8-EB4860E29EE7}
2012-03-19 14:42:28 -------- d-----w- C:\Users\Jess\AppData\Local\{806FBADA-4B50-4216-8626-76AAF3F33DB8}
2012-03-19 14:42:17 -------- d-----w- C:\Users\Jess\AppData\Local\{A9E25445-6A9A-49E3-A114-E382F1247509}
2012-03-19 04:58:44 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{9F94A697-5516-44EC-83F2-B6AA8B321C78}
2012-03-19 04:58:42 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{27383FAA-1369-4093-BDF9-48A82713D089}
2012-03-19 04:58:40 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{96D342A6-5B72-403D-B311-521590D1C543}
2012-03-19 04:58:40 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{36200DF9-F186-472E-A455-DA0633BA867B}
2012-03-19 04:58:40 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{2F44D7F9-4D60-4254-8D16-7867EF8AF5BF}
2012-03-19 04:58:40 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{893D1FAA-3DF5-4219-A674-AEBBFBC75EFA}
2012-03-19 04:58:39 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C1D4CD83-7E1D-4EB6-8CB1-4C131B12BBA5}
2012-03-19 04:58:39 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4B4CE1FC-E4B2-4F54-A678-83F695089E4B}
2012-03-19 04:58:38 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{EDB3F7F6-792F-4FA2-9BA6-504AC0AFCB04}
2012-03-18 20:01:15 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{422DB86B-E4F2-42EB-ACB5-9B640A33EC21}
2012-03-18 20:01:14 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{3BE5EDD3-07B4-4F4C-83AB-06E6B5FB4846}
2012-03-18 20:01:14 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{2CA68CB0-DF27-43AD-B59A-203BDB4507AE}
2012-03-18 20:01:14 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{74044053-71D3-40A1-AB24-E5BC56C6C9ED}
2012-03-18 20:01:14 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D7E4393A-7A34-4218-8E5B-EB381C9AF8BF}
2012-03-18 20:01:07 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{802A3D0F-99B2-4595-8E2C-DC5E8A5D3232}
2012-03-18 20:01:07 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{2222B901-9633-486D-98E2-5858965528FD}
2012-03-18 20:00:27 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AF5CC9CD-DFF7-46D3-9956-799955146EB9}
2012-03-18 20:00:27 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9B970D0E-1D7B-4869-9F9C-6339DAB0D05A}
2012-03-18 19:57:01 -------- d-----w- C:\Users\Jess\AppData\Local\{6C280007-550C-456F-9799-921C066A616D}
2012-03-18 19:56:49 -------- d-----w- C:\Users\Jess\AppData\Local\{FE32F752-95FA-4D76-8785-7549599BC10F}
2012-03-17 16:21:45 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C925AF27-8A08-47E4-8C4C-0B2BBC85A64F}
2012-03-17 16:21:45 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{ACF8DC37-F97A-4069-89C9-F0988F667118}
2012-03-17 16:21:45 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{E1296FCA-DDB4-4EC2-98E8-1CC6E9DD4408}
2012-03-17 16:21:44 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{36447849-051C-4AF0-80B5-4B334F3C9799}
2012-03-17 16:21:44 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B50F675F-91FE-4E84-8857-B34D77F4F05E}
2012-03-17 16:21:43 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D2DB0AFA-97ED-4A2E-AE99-523F31AB5E7D}
2012-03-17 16:21:35 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9F7458D9-39E9-4207-959D-FD870D3F3223}
2012-03-17 16:21:34 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{5AA0E879-9593-46A0-9649-94C8026071AE}
2012-03-17 16:21:33 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{55BD262E-0DC5-4B2C-954E-4561E42AA3B1}
2012-03-17 16:20:49 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7E416F0F-71A3-49F7-BF40-8BEE750931B2}
2012-03-17 16:20:46 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{3A2DC000-7F46-4316-8C1D-C84340EB28C0}
2012-03-17 16:20:45 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7DF171B7-CE40-441D-ACAF-3F7FCD4B7224}
2012-03-17 16:20:35 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{0420E020-2D95-4854-AE57-CA36A53CECEA}
2012-03-17 16:20:22 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{1829AED9-E64F-4CA2-94D3-541920B14DF5}
2012-03-17 16:20:18 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A1A9AC93-F6AE-4E81-BA13-B9029F98613D}
2012-03-17 16:20:15 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{B9D4A666-B389-407B-934F-C1F15DBE770B}
2012-03-17 16:20:05 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{B2DBC8F6-097B-46A0-AE30-F9198BA67C4F}
2012-03-17 16:20:04 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{2FE4FD51-2619-445C-B8E9-BA93C18AF633}
2012-03-17 16:17:42 -------- d-----w- C:\Users\Jess\AppData\Local\{1D96B306-B36D-46C8-B76B-4F0FE58BA789}
2012-03-17 16:17:31 -------- d-----w- C:\Users\Jess\AppData\Local\{C6B702D3-2223-477D-80D8-F43DDBD9A7DB}
2012-03-16 21:32:13 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7E381D76-3BC3-436D-83FD-8D99BD4FA85F}
2012-03-16 21:32:05 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B6678824-2E12-46AD-B57B-53BF94196C1B}
2012-03-16 21:32:04 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{6BF1C848-F702-4611-A232-DF6528896AC2}
2012-03-16 18:26:33 -------- d-----w- C:\Users\Jess\AppData\Local\{43692315-E895-4E21-A61F-426BC61C3CCA}
2012-03-16 18:25:54 -------- d-----w- C:\Users\Jess\AppData\Local\{9D0EF8C4-9B05-4F19-BBEF-208ABE3BE498}
2012-03-15 18:26:19 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B61170AE-1B9E-4F55-9CC6-6803AA9A26F0}
2012-03-15 18:26:19 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{1B7FC800-E533-447A-BF68-9954C4A03CD0}
2012-03-15 18:26:16 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7847F022-A90F-4C6E-A711-335238196DFC}
2012-03-15 18:26:07 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{6A860682-547B-4B27-8772-279236395743}
2012-03-15 18:26:07 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{64A1A5C9-66CA-407E-833D-C905AC385CE9}
2012-03-15 18:26:06 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5A5EA0C6-1E8D-41C4-877F-C22C14CEBDB3}
2012-03-15 18:23:33 -------- d-----w- C:\Users\Jess\AppData\Local\{11BD78E8-9372-4D0C-921B-A0BE5D85934B}
2012-03-14 19:04:09 -------- d-----w- C:\Users\Jess\AppData\Local\{8C0E8623-989E-4660-94EE-28CD200A9D8B}
2012-03-14 19:03:44 -------- d-----w- C:\Users\Jess\AppData\Local\{48C9028D-CA36-46D6-AAED-9D63F0AEAFA1}
2012-03-14 05:53:12 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 05:53:12 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 05:53:12 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 23:27:13 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 23:27:10 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-13 23:27:10 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-13 23:27:10 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-13 23:27:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 23:27:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-13 23:27:09 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-13 23:27:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-13 23:27:09 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-13 23:27:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-13 23:27:09 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:32:45 -------- d-----w- C:\Windows\SysWow64\spool
2012-03-13 19:04:53 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:04:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:04:52 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:04:52 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 19:03:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:03:53 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:03:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 18:57:24 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{2FC6B1D9-6019-468B-BC07-36EF72D7CC01}
2012-03-13 18:57:20 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{C8F35C34-80C8-47F7-B3DE-04E13E3A0D89}
2012-03-13 18:57:20 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{67448DE9-FF5F-4935-A753-0C3561ADA53C}
2012-03-13 18:56:00 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{45DAF0AA-767A-4041-ACF2-3E4B4C09BDFE}
2012-03-13 18:55:59 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{98E6AF83-29FC-4F1C-89BF-F936CA6B422C}
2012-03-13 18:55:56 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3E06D39A-91B3-4FD6-945A-78DBA1CF6D03}
2012-03-13 18:55:54 -------- d-----w- C:\Users\Jess\AppData\Local\{0CC8093E-8241-44C7-B4ED-C6B1D5239EFF}
2012-03-13 18:53:32 -------- d-----w- C:\Users\Jess\AppData\Local\{8BF2CBCC-42AD-4150-A0E1-A41C2DDDEB10}
2012-03-12 18:34:09 -------- d-----w- C:\Users\Jess\AppData\Local\{3F29EEA6-D4B0-4018-A433-278AF22E4476}
2012-03-12 15:36:47 -------- d-----w- C:\Users\Jess\AppData\Local\{901F7E1B-715A-495B-94E6-D61938BE4D20}
2012-03-11 20:54:02 -------- d-----w- C:\Users\Jess\AppData\Local\{770666E7-C498-464F-B7F5-8F96F7B5AF7B}
2012-03-11 20:52:45 -------- d-----w- C:\Users\Jess\AppData\Local\{32D997BA-DE69-48C8-8D03-01F617DC0651}
2012-03-11 05:20:09 -------- d-----w- C:\Users\Jess\AppData\Local\{8F654F31-7DA9-4BA9-B2A9-94965862F4E6}
2012-03-11 05:19:35 -------- d-----w- C:\Users\Jess\AppData\Local\{FFA6E7D8-F729-4DB1-B402-CDC3A6F6167F}
2012-03-10 18:21:54 -------- d-----w- C:\Users\Jess\AppData\Local\{935FC14E-DDB6-4DB4-B2F5-2143E1D82BA6}
2012-03-10 18:21:30 -------- d-----w- C:\Users\Jess\AppData\Local\{FB102592-CA72-48BE-AC5E-94E8C189005B}
2012-03-10 05:08:59 -------- d-----w- C:\Users\Jess\AppData\Local\{4158FEAA-0889-4E69-8895-5C8D6779FFA4}
2012-03-10 05:08:46 -------- d-----w- C:\Users\Jess\AppData\Local\{A310F170-C58A-45C3-991B-831C91861623}
2012-03-09 16:57:06 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{E6622C31-A00B-4C1B-9765-5FA225B585F8}
2012-03-09 16:57:06 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{1ECC504F-1A4D-421D-AF99-809E580B538D}
2012-03-09 16:57:04 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8E4B6420-ED6F-4211-9F82-C2228D96AFB7}
2012-03-09 16:51:01 -------- d-----w- C:\Users\Jess\AppData\Local\{A126CE33-0772-4CBB-9C43-DB28C66FD27C}
2012-03-08 19:29:42 -------- d-----w- C:\Users\Jess\AppData\Local\{68E3A21A-7593-42D9-BF45-994F8AA09D6E}
2012-03-08 19:29:31 -------- d-----w- C:\Users\Jess\AppData\Local\{A502B832-406B-4232-90F7-7893ADFCEF55}
2012-03-08 16:26:45 -------- d-----w- C:\Users\Jess\AppData\Local\{9796CB40-6948-41C4-9AD2-CCB8DAADAA9A}
2012-03-08 16:26:35 -------- d-----w- C:\Users\Jess\AppData\Local\{C4A0CCDE-4335-4993-BA74-87E8B2FA7F0E}
2012-03-07 19:12:05 -------- d-----w- C:\Users\Jess\AppData\Local\{1C421265-733A-4BD8-BB24-E7BFE9913DEB}
2012-03-07 19:11:54 -------- d-----w- C:\Users\Jess\AppData\Local\{333BD13E-42E6-4CCA-A2FE-584F51946472}
2012-03-07 16:42:36 -------- d-----w- C:\Users\Jess\AppData\Local\{992361CC-4610-411E-A97C-73887CDB7B68}
2012-03-07 16:42:26 -------- d-----w- C:\Users\Jess\AppData\Local\{3C5C7B55-19F9-4CD5-A568-228B0E3305A4}
2012-03-07 16:16:03 -------- d-----w- C:\Users\Jess\AppData\Local\{96CFF67C-7287-41D1-ADE0-BD8189484DAD}
2012-03-07 14:21:23 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{194DC1F1-1131-4C55-972E-D785CBBBB073}
2012-03-07 14:21:22 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{8987C8D4-EC41-4B14-BF36-A7B14B35ECEE}
2012-03-07 14:21:21 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4A32EC74-061E-4846-A6E0-22A4214D14EB}
2012-03-07 14:21:03 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{88696FC5-32A2-480B-9AB2-18534BEDE4DA}
2012-03-07 14:21:03 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{644379F1-3E15-47C2-8B0A-D4B7291630A9}
2012-03-07 14:21:03 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{97BE8A04-EB80-4A6C-822F-8BCC1153BBE0}
2012-03-07 14:21:03 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{2B30CA5B-C9B6-4942-9443-49B1B66AE441}
2012-03-07 14:21:01 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{ECDC5A39-9E4A-4304-AF52-7CE51842CFEE}
2012-03-07 14:21:01 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E527A6C7-3743-4E8C-8796-1FF3772BE4A0}
2012-03-07 14:17:03 -------- d-----w- C:\Users\Jess\AppData\Local\{3874FDB0-228A-4DC4-8D5C-065993322E9A}
2012-03-07 14:16:53 -------- d-----w- C:\Users\Jess\AppData\Local\{93E0FA19-8210-4F5D-AE81-8FBBD3979BF4}
2012-03-07 03:54:43 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{AC07EE1E-AAA3-45E3-A72D-606F9ABAED80}
2012-03-07 03:54:43 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{9BFB522F-8F82-48A5-BF37-522500EDF00D}
2012-03-07 03:54:36 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{184CDC1D-568A-4462-986D-752AE66A6CAC}
2012-03-07 03:53:48 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{948B53FB-DE04-4495-A02E-ADA633B9B805}
2012-03-07 03:53:15 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{FF4645E4-55E8-42D1-918C-C29944D75E7C}
2012-03-07 03:52:58 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{35114B93-3F4A-42F5-B336-5CD4F84D4AC4}
2012-03-07 03:50:37 -------- d-----w- C:\Users\Jess\AppData\Local\{8380A96B-6666-4044-BEAD-74B83BE64E11}
2012-03-07 03:50:27 -------- d-----w- C:\Users\Jess\AppData\Local\{5CB43A45-DC53-4954-94CA-02438C78FE00}
2012-03-06 21:34:44 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7D7E38E3-24F6-4212-B4AD-C475A4F102A0}
2012-03-06 21:34:44 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{666F25E5-8DB9-4E2F-9977-50BBA47B52D9}
2012-03-06 21:34:44 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C656F101-DA75-4563-B9D5-C64EECA848B0}
2012-03-06 21:34:44 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5773DF48-808A-48F1-8E79-7FEDD9649F94}
2012-03-06 14:38:57 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{DA25A596-1160-4758-B018-911D9BF42646}
2012-03-06 14:38:57 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{BD8411D8-81EC-4E77-A0DA-DBBBCBD562D6}
2012-03-06 14:38:55 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3CD328BB-6222-401F-90EF-67AC983A041F}
2012-03-06 14:35:42 -------- d-----w- C:\Users\Jess\AppData\Local\{A4C5ED1D-8C22-4B0E-97CC-6CF2901B4FBF}
2012-03-06 14:35:32 -------- d-----w- C:\Users\Jess\AppData\Local\{31588B78-4184-467C-A889-3AD16DC92FD5}
2012-03-05 21:40:48 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{201A8701-ECCD-43CE-B7FB-FA94F62B4815}
2012-03-05 21:40:46 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{FC13FD9F-F3D6-43DD-A404-845F9530FC0A}
2012-03-05 21:40:46 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C015F77B-7453-46E6-8646-E36C4D628DC2}
2012-03-05 16:24:30 -------- d-----w- C:\Users\Jess\AppData\Local\{9A800431-F29C-4D03-A78E-32A8E23D90C4}
2012-03-05 04:29:45 -------- d-----w- C:\Program Files (x86)\TunnelBear
2012-03-04 19:47:05 -------- d-----w- C:\Users\Jess\AppData\Local\{2AA4AC81-61B9-4E53-99DB-3BCEF54E981F}
2012-03-04 19:46:43 -------- d-----w- C:\Users\Jess\AppData\Local\{5EE88AED-A2E2-4130-A05D-A301801DCC7B}
2012-03-03 16:43:08 -------- d-----w- C:\Users\Jess\AppData\Local\{DBBE53A0-F908-4876-B350-1CC407E70412}
2012-03-03 16:42:57 -------- d-----w- C:\Users\Jess\AppData\Local\{98B6DF76-ADA8-4188-9ECD-8A532000DC6F}
2012-03-03 10:48:05 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{FFE05882-6DA9-42A4-8047-55CEDFE95AE8}
2012-03-03 10:48:05 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{CA4C4C09-A2F7-4B35-A497-2E13E08EFA6E}
2012-03-03 10:48:03 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7EF48426-7D22-41CF-8AF1-D4F5C0BDF433}
2012-03-03 10:48:02 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B2BD33AC-F7DE-4533-AB8A-FFC6486830FA}
2012-03-03 10:48:02 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{96B97420-F13C-4AC1-A39B-EB4552A7709E}
2012-03-03 10:48:01 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{D5CFF127-FD2E-439C-9174-E48E03E356CE}
2012-03-03 10:48:00 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{F62AECC1-A61E-405C-B4CB-3363BE0D0068}
2012-03-03 10:48:00 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{40E7C023-B26D-4061-823E-818F09D493B9}
2012-03-03 10:48:00 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{02738692-B79D-45FF-826A-A693CD951389}
2012-03-03 10:26:52 -------- d-----w- C:\Users\Jess\AppData\Local\{C1898870-275E-4F2C-95DA-60E61A6EB8A2}
2012-03-03 10:26:00 -------- d-----w- C:\Users\Jess\AppData\Local\{F1EAD473-F3AF-43C8-9176-503B989540B4}
2012-03-03 04:18:03 -------- d-----w- C:\Users\Jess\AppData\Local\{04FBFE80-9444-42D7-B749-ACB2FF729371}
2012-03-03 04:17:53 -------- d-----w- C:\Users\Jess\AppData\Local\{57B7DEF8-34E4-442B-8ABF-7D5A1B90ED17}
2012-03-02 16:01:40 -------- d-----w- C:\Users\Jess\AppData\Local\{CE1C7E4F-3907-4336-B4AB-F5A5C079F843}
2012-03-02 15:59:28 -------- d-----w- C:\Users\Jess\AppData\Local\{B9EA9E5A-5456-46D7-B0FC-BB97EEE417AA}
2012-03-02 09:40:18 -------- d-----w- C:\Users\Jess\AppData\Local\{F4347332-D0E7-4F12-A747-5363B97B7C1B}
2012-03-02 09:40:08 -------- d-----w- C:\Users\Jess\AppData\Local\{3EC98513-9360-490C-A319-475F912F7073}
2012-03-01 09:39:09 -------- d-----w- C:\Users\Jess\AppData\Local\{49453245-FC74-490A-827F-3AC1A6924A70}
2012-03-01 09:38:59 -------- d-----w- C:\Users\Jess\AppData\Local\{4CF3E3CB-E686-43C3-94BA-4F860065F34D}
2012-02-29 23:56:35 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{7224783D-00AC-42DF-BCF3-84EAE1709F5D}
2012-02-29 23:56:32 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{DC2FDB53-BF4E-4B85-855D-1033BCD35293}
2012-02-29 23:56:32 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7D30B863-84EA-46EA-BC43-1B8BA261E9D5}
2012-02-29 23:11:58 -------- d-----w- C:\Users\Jess\AppData\Local\{3BD0231D-714D-489D-B6F6-2E6F261D95E8}
2012-02-29 23:11:46 -------- d-----w- C:\Users\Jess\AppData\Local\{1769EA76-D1A4-441F-B138-147109BDC741}
2012-02-29 17:13:52 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{D50B359F-EEA3-438E-9813-FA18FD4D75D9}
2012-02-29 17:13:51 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{38D78037-752D-41A6-A812-B6436BCF1BCA}
2012-02-29 17:13:50 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4378352A-46DB-4F1A-A7FC-D047E820C451}
2012-02-29 17:12:57 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{D0FE8B6D-4121-4610-987E-13C6F63FFCF2}
2012-02-29 17:12:55 -------- d-----w- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{FAF58420-9B4E-4304-A90D-2A37589A4737}
2012-02-29 17:12:54 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{73D942DA-B541-4EE6-9300-AD3EAAC20D26}
2012-02-29 15:23:50 -------- d-----w- C:\Users\Jess\AppData\Local\{6AB8EB5B-9EE5-44E7-8848-EFD90CA6A9CB}
2012-02-29 15:23:40 -------- d-----w- C:\Users\Jess\AppData\Local\{48AD6D8E-7335-4E56-87DA-810B90E048BF}
2012-02-28 22:51:05 -------- d-----w- C:\Users\Jess\AppData\Local\{3C820D80-25D2-4EE8-8307-949407FECA54}
2012-02-28 22:50:55 -------- d-----w- C:\Users\Jess\AppData\Local\{CC350AC1-745D-462A-95B8-5EA3A31B615F}
2012-02-27 22:13:25 -------- d-----w- C:\Users\Jess\AppData\Local\{43F82235-DB49-428C-9A3F-2C162778D482}
2012-02-27 22:13:14 -------- d-----w- C:\Users\Jess\AppData\Local\{7AD257C8-D001-47D1-A86F-114C89E0CBF5}
2012-02-26 22:17:39 -------- d-----w- C:\Users\Jess\AppData\Local\{8C197855-8808-4CED-95FC-FFB61F7F4460}
2012-02-26 22:17:29 -------- d-----w- C:\Users\Jess\AppData\Local\{0E0362D4-2332-455B-8E7E-6D5080FF35CD}
2012-02-25 17:14:34 -------- d-----w- C:\Users\Jess\AppData\Local\{04B854E2-E5FF-4E70-A9B2-15202F753A64}
2012-02-24 23:59:31 -------- d-----w- C:\Users\Jess\AppData\Local\{A38119C4-363F-4D8F-AF9C-D44C09EBFFF9}
2012-02-24 23:59:21 -------- d-----w- C:\Users\Jess\AppData\Local\{C8EE16CD-C3BA-47D5-8FDF-8608CCCAA546}
.
==================== Find3M ====================
.
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 17:52:34.73 ===============

#4 kpryde

kpryde
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:15 AM

Posted 26 March 2012 - 11:05 AM

Just a quick question, my task manager keeps showing a process called PING.exe; it is taking a lot of memory and causing my cooling fan to work overtime. Is this associated with the rootkit? Or have I acquired yet another virus? Also, sorry to keep asking questions, but is it still ok to run my computer if I disconnect from the Internet? I have an important deadline next week and need my computer to finish my work.

#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:15 PM

Posted 26 March 2012 - 02:47 PM

Good evening. :)

Regarding GMER, I originally skipped this step as the tutorial suggested, as I had a 64-bit system. I wasn't able to check all the areas that were requested as the program was not letting me, so all I managed to check was service registry and files.

That's fine.

Is it still ok to run my computer if I disconnect from the Internet?

Should be OK.

When you ran DDS it should have created two logs, dds.txt and attach.txt, and you should have attached the second as both the tutorial and my previous post state. Please post all the information asked for or let me know exactly what the problems were that meant that you couldn't complete the instructions.

So long, and thanks for all the fish.

#6 kpryde

kpryde
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:15 AM

Posted 26 March 2012 - 03:05 PM

I'm really sorry, I thought I attached the file. Hopefully it has worked now, and it has attached to this post. [Attached File: Attach.zip, 4.04KB] I shall ensure to check I have provided all the information before I post. Thank you for taking the time to help me.

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:15 PM

Posted 26 March 2012 - 05:35 PM

Download CKScanner by askey127 from here and save it to your Desktop.

  • Double click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • Please copy and paste the contents of CKFiles.txt into your next reply.

So long, and thanks for all the fish.

#8 kpryde

kpryde
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:15 AM

Posted 26 March 2012 - 10:22 PM

contents of ckfiles.txt:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.HCAPUN
----- EOF -----

#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:15 PM

Posted 27 March 2012 - 03:05 PM

Good evening. :)

All your security software components, Norton Internet Security and Windows Defender, show Disabled/Outdated - is there any reason that they are all disabled and out of date?

Also, download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • When prompted "Would you like to download latest Avast! virus definitions?" click No .
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully" click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

#10 kpryde

kpryde
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:15 AM

Posted 27 March 2012 - 03:57 PM

My Norton subscription ran out, and I wasn't able to pay for the re-subscription.

I was using Windows Defender, but at the moment when I click on it, it says "a problem has caused this programs services to stop". When I try to turn it on it gives me an error code: "the specified service does not exist as an installed service. (error code: 0x80070424)"

contents from aswMBR.txt:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 16:19:06
-----------------------------
16:19:06.260 OS Version: Windows x64 6.1.7600
16:19:06.260 Number of processors: 4 586 0x2505
16:19:06.260 ComputerName: JESS-VAIO UserName: Jess
16:19:10.940 Initialize success
16:19:20.410 AVAST engine defs: 12032401
16:19:30.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:19:30.019 Disk 0 Vendor: TOSHIBA_ GH01 Size: 476940MB BusType: 3
16:19:30.050 Disk 0 MBR read successfully
16:19:30.050 Disk 0 MBR scan
16:19:30.050 Disk 0 Windows 7 default MBR code
16:19:30.050 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14609 MB offset 2048
16:19:30.066 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29921280
16:19:30.097 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462229 MB offset 30126080
16:19:30.128 Disk 0 scanning C:\Windows\system32\drivers
16:19:41.081 Service scanning
16:19:43.982 Service aniwzcsdservice C:\Windows\system32\botcbs.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:20:27.263 Modules scanning
16:20:27.271 Disk 0 trace - called modules:
16:20:27.619 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:20:27.624 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c70790]
16:20:27.629 3 CLASSPNP.SYS[fffff880015cf43f] -> nt!IofCallDriver -> [0xfffffa8005c00b20]
16:20:27.634 5 ACPI.sys[fffff88000fa1781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c59050]
16:20:30.418 AVAST engine scan C:\Windows
16:20:33.818 AVAST engine scan C:\Windows\system32
16:20:44.516 File: C:\Windows\system32\botcbs.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:20:50.304 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
16:22:35.614 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:22:37.814 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
16:24:30.440 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
16:24:30.502 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
16:24:31.422 AVAST engine scan C:\Windows\system32\drivers
16:24:45.119 AVAST engine scan C:\Users\Jess
16:36:16.743 AVAST engine scan C:\ProgramData
16:39:12.629 Scan finished successfully
16:50:21.631 Disk 0 MBR has been saved successfully to "C:\Users\Jess\Desktop\MBR.dat"
16:50:21.636 The log file has been saved successfully to "C:\Users\Jess\Desktop\aswMBR.txt"
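A small triage helper, added here as an example and not taken from the thread, aswMBR or AVAST: it parses the **INFECTED** lines of an aswMBR log such as the one posted above, groups the hits by detection family (so the same DLL reported once as a service and once as a file is counted a single time) and lists which service loaded a flagged module, since that registration is what a cleanup has to remove rather than only the file. The sample log embeds the flagged lines from the post above between constructed filler lines; the field layout the regex assumes (time, `File:` or `Service <name>`, path, `**INFECTED**`, detection, `[category]`) is read off that log, not from any aswMBR documentation.

```python
"""Triage helper for aswMBR scan logs (added example, not part of the thread)."""
import re
from collections import defaultdict

# Sample log: the **INFECTED** lines are copied from the aswMBR output posted
# above; the other lines are constructed filler in the same format.
SAMPLE_LOG = r"""
16:19:41.081 Service scanning
16:19:43.982 Service aniwzcsdservice C:\Windows\system32\botcbs.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:20:27.263 Modules scanning
16:20:44.516 File: C:\Windows\system32\botcbs.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:20:50.304 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
16:22:35.614 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:22:37.814 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
16:24:30.440 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
16:24:30.502 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
16:39:12.629 Scan finished successfully
"""

# Field layout assumed from the log above: a "File:" hit names only a path,
# a "Service" hit names the service that loaded the flagged module first.
INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?:File:|Service\s+(?P<service>\S+))\s+"
    r"(?P<path>.+?)\s+\*\*INFECTED\*\*\s+"
    r"(?P<detection>\S+)\s+\[(?P<category>\w+)\]\s*$"
)


def parse_hits(log_text):
    """Return one dict per **INFECTED** line, in log order; other lines are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line)
        if not m:
            continue
        hit = m.groupdict()
        hit["kind"] = "service" if hit["service"] else "file"
        hits.append(hit)
    return hits


def family(detection):
    """'Win64:ZAccess-E' -> 'ZAccess': drop the platform prefix and variant suffix."""
    name = detection.split(":", 1)[-1]
    return name.rsplit("-", 1)[0]


def summarize(hits):
    """Map each detection family to the sorted set of unique paths it was seen on."""
    by_family = defaultdict(set)
    for hit in hits:
        by_family[family(hit["detection"])].add(hit["path"])
    return {fam: sorted(paths) for fam, paths in by_family.items()}


def persistence_points(hits):
    """(service name, module path) pairs: registrations to unregister, not just files to delete."""
    return sorted({(h["service"], h["path"]) for h in hits if h["kind"] == "service"})


if __name__ == "__main__":
    found = parse_hits(SAMPLE_LOG)
    for fam, paths in sorted(summarize(found).items()):
        print(f"{fam}: {len(paths)} path(s)")
        for p in paths:
            print(f"    {p}")
    for svc, path in persistence_points(found):
        print(f"service {svc} loads {path}")
```

Run as a script it prints the families and paths from the embedded sample; point `parse_hits` at the text of a saved aswMBR.txt to triage a real log. Because `summarize` keys on unique paths, `botcbs.dll` counts once under ZAccess even though aswMBR reported it twice.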

#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:15 PM

Posted 27 March 2012 - 04:11 PM

How long has it been since Norton has been able to update?

So long, and thanks for all the fish.

#12 kpryde

kpryde
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:15 AM

Posted 27 March 2012 - 04:21 PM

I don't know. I am not able to open the program.

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:15 PM

Posted 27 March 2012 - 04:37 PM

Roughly how long has it been since the subscription ran out? A ball-park figure will do.

So long, and thanks for all the fish.

#14 kpryde

kpryde
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:15 AM

Posted 27 March 2012 - 04:41 PM

6-7 months maybe?

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:15 PM

Posted 28 March 2012 - 02:42 PM

Good evening. :)

What concerns me about this is the length of time that your PC has been inadequately protected by your anti-virus program. While you will have been partially protected from the malware that had been identified at the time, the quantity of fresh nasties being released "into the wild" each week makes me wonder what sort of infections your PC may have picked up without any security program fighting its corner, as it were.
If this was my machine I would back up any important data and then reformat and reinstall Windows, as this is the best way to guarantee a clean machine given the circumstances, and this is what I recommend you do.

I can supply links to free anti-virus programs to help you keep the machine clean in the future, if you wish.

So long, and thanks for all the fish.
