
Multiple Trojans Found


  • This topic is locked
18 replies to this topic

#1 Jesson125

Jesson125

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:34 PM

Posted 29 August 2012 - 05:15 PM

Last week, bloopie helped me clean my PC after my Norton 360 discovered multiple trojan infections (that thread here). Unfortunately, it seems that the infection was either not completely removed or it is back; last night, my Norton 360 quarantined 3 trojans.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jesson at 18:12:50 on 2012-08-29
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5692
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: C:\Users\Jesson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jesson\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{9E7D4302-B517-47F3-88CC-64B552D0C3B5} : DhcpNameServer = 68.87.75.194 68.87.64.146 68.87.72.130
TCP: Interfaces\{A08AB3DB-74E8-4E78-AFAC-6D85B2F1998D} : DhcpNameServer = 75.75.76.76 75.75.75.75
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun-x64: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Launcher] %WINDIR%\SMINST\launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jesson\AppData\Roaming\Mozilla\Firefox\Profiles\nscq00pb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.thepittsburghchannel.com/index.html
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-25 05:07:51 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-25 05:07:50 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-25 05:07:12 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-24 06:55:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-23 23:35:08 -------- d-----w- C:\Users\Jesson\AppData\Local\temp
2012-08-23 11:15:55 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-08-23 11:15:52 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-08-23 11:15:09 -------- d-----w- C:\Windows\SysWow64\spool
2012-08-23 07:15:44 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2012-08-23 07:14:46 3584 ----a-w- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
2012-08-23 07:04:32 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-08-23 07:04:32 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-08-23 07:04:32 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-08-23 07:04:31 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-08-23 07:04:31 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-08-23 07:04:31 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-08-23 07:03:48 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-23 07:03:48 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-08-23 07:03:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-23 07:03:48 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-23 07:03:48 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-23 07:03:48 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-23 07:03:48 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-14 00:04:51 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-08-14 00:03:02 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-08-06 11:04:14 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-06 11:04:14 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-08-23 07:15:44 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2012-08-23 07:14:45 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2012-08-15 05:25:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:25:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 18:13:42.25 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:34 PM

Posted 31 August 2012 - 05:06 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Jesson125

Jesson125
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:34 PM

Posted 01 September 2012 - 06:36 PM

I followed your directions precisely, but no services.txt was written to the flash drive. Do you want me to try running it again?

Here is the frst.txt

Scan result of Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 01-09-2012 19:27:36
Running from I:\
Windows Vista ™ Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe [53248 2007-05-11] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-01-25] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [396408 2012-07-27] (LG Electronics)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Jesson\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Jesson\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Startup: C:\Users\Jesson\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 N360; "C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-05-31] ()

========================== Drivers (Whitelisted) =============

3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl664.sys [550912 2006-10-06] (Broadcom Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120831.001\IDSvia64.sys [512672 2012-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120831.032\ENG64.SYS [125600 2012-08-20] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120831.032\EX64.SYS [2084000 2012-08-20] (Symantec Corporation)
3 PnkBstrK; C:\Windows\SysWow64\Drivers\PnkBstrK.sys [22584 2009-08-03] ()
2 PrismXL; C:\Program Files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2008-05-12] (New Boundary Technologies, Inc.)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2010-02-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-05-16] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
1 Beep; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-09-01 19:27 - 2012-09-01 19:27 - 00000000 ____D C:\FRST
2012-08-29 14:14 - 2012-08-29 14:14 - 00010266 ____A C:\Users\Jesson\Desktop\DDS.txt
2012-08-29 14:14 - 2012-08-29 14:14 - 00007042 ____A C:\Users\Jesson\Desktop\Attach.txt
2012-08-29 13:57 - 2012-08-29 13:57 - 00607260 ____R (Swearware) C:\Users\Jesson\Desktop\dds.com
2012-08-24 21:15 - 2012-08-24 21:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-08-24 21:07 - 2012-08-24 21:06 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-24 21:07 - 2012-08-24 21:06 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-24 21:07 - 2012-08-24 21:06 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-24 21:07 - 2012-08-24 21:06 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-24 21:07 - 2012-08-24 21:06 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-24 21:07 - 2012-08-24 21:06 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-24 21:06 - 2012-08-24 21:06 - 00000000 ____D C:\Program Files\Java
2012-08-23 03:15 - 2012-08-23 03:15 - 00000000 ____D C:\Windows\SysWOW64\spool
2012-08-23 03:15 - 2012-08-23 03:15 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-08-23 03:15 - 2012-08-23 03:15 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-08-23 03:14 - 2012-08-23 03:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-08-23 03:14 - 2012-08-23 03:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-08-22 23:38 - 2009-09-30 17:02 - 02537472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2012-08-22 23:38 - 2009-09-30 17:02 - 00334848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2012-08-22 23:38 - 2009-09-30 17:02 - 00087552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2012-08-22 23:38 - 2009-09-30 17:02 - 00030208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2012-08-22 23:38 - 2009-09-30 17:01 - 00350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2012-08-22 23:38 - 2009-09-30 17:01 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2012-08-22 23:38 - 2009-09-30 17:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll
2012-08-22 23:38 - 2009-09-30 17:01 - 00100864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2012-08-22 23:38 - 2009-09-30 17:01 - 00060928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2012-08-22 23:38 - 2009-09-30 16:52 - 02727936 ____A (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
2012-08-22 23:38 - 2009-09-30 16:52 - 00453120 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2012-08-22 23:38 - 2009-09-30 16:52 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\WPDShextAutoplay.exe
2012-08-22 23:38 - 2009-09-30 16:51 - 00573440 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00433152 ____A (Microsoft Corporation) C:\Windows\System32\WPDSp.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00295936 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtp.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceWMDRM.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00113152 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00110080 ____A (Microsoft Corporation) C:\Windows\System32\WPDShServiceObj.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00107008 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00077824 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceConnectApi.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtpUS.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WpdUsb.sys
2012-08-22 23:38 - 2009-09-30 16:51 - 00037888 ____A (Microsoft Corporation) C:\Windows\System32\BthMtpContextHandler.dll
2012-08-22 23:38 - 2009-09-30 16:51 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\WpdConns.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-22 23:17 - 2012-08-22 23:17 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-22 23:17 - 2012-08-22 23:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-22 23:17 - 2012-08-22 23:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-22 23:17 - 2012-08-22 23:17 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-22 23:17 - 2012-08-22 23:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-22 23:17 - 2012-08-22 23:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-22 23:17 - 2012-08-22 23:17 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-22 23:17 - 2012-08-22 23:17 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-22 23:17 - 2012-08-22 23:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-22 23:17 - 2012-08-22 23:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-22 23:15 - 2012-08-22 23:15 - 03548672 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 03068416 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 02873344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 02002944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01653760 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01554432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01461760 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01268224 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01257984 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01204224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01172480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01075712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01032192 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-08-22 23:15 - 2012-08-22 23:15 - 01029120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00979456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00900480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-08-22 23:15 - 2012-08-22 23:15 - 00876032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00847360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00834048 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00748544 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00683008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00625152 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00586240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00566272 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00486400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00428544 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00377344 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-08-22 23:15 - 2012-08-22 23:15 - 00357376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00327680 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00287232 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00261632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00258048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2012-08-22 23:15 - 2012-08-22 23:15 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00209920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00195072 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00160768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00135680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00098816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2012-08-22 23:14 - 2012-08-22 23:14 - 01209856 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00792576 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00519680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00449024 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00411648 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00369664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-08-22 23:14 - 2012-08-22 23:14 - 00321024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00262656 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2012-08-22 23:14 - 2012-08-22 23:14 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00195584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00189440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2012-08-22 23:12 - 2012-08-22 23:18 - 00004020 ____A C:\Windows\IE9_main.log
2012-08-22 23:04 - 2009-09-09 18:07 - 03815424 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2012-08-22 23:04 - 2009-09-09 18:06 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2012-08-22 23:04 - 2009-09-09 18:05 - 00103424 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2012-08-22 23:04 - 2009-09-09 18:01 - 03023360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2012-08-22 23:04 - 2009-09-09 18:00 - 01164800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2012-08-22 23:04 - 2009-09-09 18:00 - 00092672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2012-08-22 23:03 - 2012-02-29 07:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-22 23:03 - 2012-02-29 07:37 - 00005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-08-22 23:03 - 2012-02-29 07:35 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-08-22 23:03 - 2012-02-29 07:11 - 00172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-22 23:03 - 2012-02-29 07:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-08-22 23:03 - 2012-02-29 07:09 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-08-22 23:03 - 2012-02-29 05:52 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-08-22 15:12 - 2012-08-29 12:17 - 00000000 ____D C:\Windows\erdnt
2012-08-14 12:40 - 2012-09-01 01:56 - 00011298 ____A C:\Windows\setupact.log
2012-08-14 12:40 - 2012-08-14 12:40 - 00000000 ____A C:\Windows\setuperr.log
2012-08-13 17:32 - 2012-08-14 01:53 - 00000000 ____D C:\Users\Jesson\Desktop\comics
2012-08-13 17:10 - 2012-08-13 17:10 - 00070760 ____A C:\Users\Jesson\Local Settings\GDIPFONTCACHEV1.DAT
2012-08-13 17:10 - 2012-08-13 17:10 - 00070760 ____A C:\Users\Jesson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-08-13 17:10 - 2012-08-13 17:10 - 00070760 ____A C:\Users\Jesson\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-13 16:04 - 2012-08-13 16:04 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-08-13 16:03 - 2012-08-13 16:03 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-08-13 16:02 - 2012-08-13 16:03 - 00000000 ____D C:\Users\Jesson\Downloads\TrendMicro AntiThreat Toolkit
2012-08-13 15:54 - 2012-08-13 15:54 - 00000036 ____A C:\Users\Jesson\Local Settings\housecall.guid.cache
2012-08-13 15:54 - 2012-08-13 15:54 - 00000036 ____A C:\Users\Jesson\Local Settings\Application Data\housecall.guid.cache
2012-08-13 15:54 - 2012-08-13 15:54 - 00000036 ____A C:\Users\Jesson\AppData\Local\housecall.guid.cache
2012-08-13 13:04 - 2012-08-13 13:04 - 07921752 ____A (Trend Micro Inc.) C:\Users\Jesson\Downloads\attk_far_gui_x64.exe
2012-08-13 12:11 - 2012-09-01 02:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-04 20:00 - 2012-08-04 20:00 - 00138802 ____A C:\Users\Jesson\Desktop\b266e047825ba8f59c86ccd66caad393.jpeg
2012-08-02 14:23 - 2012-08-29 12:21 - 00009558 ____A C:\Windows\PFRO.log

============ 3 Months Modified Files ========================

2012-09-01 15:23 - 2011-11-16 13:07 - 01510829 ____A C:\Windows\WindowsUpdate.log
2012-09-01 15:23 - 2006-11-02 07:42 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-01 15:23 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-01 15:23 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-01 15:23 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-01 15:14 - 2011-09-19 21:23 - 00002427 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-09-01 02:25 - 2012-08-13 12:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-01 01:56 - 2012-08-14 12:40 - 00011298 ____A C:\Windows\setupact.log
2012-08-29 14:14 - 2012-08-29 14:14 - 00010266 ____A C:\Users\Jesson\Desktop\DDS.txt
2012-08-29 14:14 - 2012-08-29 14:14 - 00007042 ____A C:\Users\Jesson\Desktop\Attach.txt
2012-08-29 13:57 - 2012-08-29 13:57 - 00607260 ____R (Swearware) C:\Users\Jesson\Desktop\dds.com
2012-08-29 12:30 - 2006-11-02 07:21 - 00305208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-29 12:21 - 2012-08-02 14:23 - 00009558 ____A C:\Windows\PFRO.log
2012-08-24 21:21 - 2006-11-02 04:46 - 00709408 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-24 21:06 - 2012-08-24 21:07 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-24 21:06 - 2012-08-24 21:07 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-24 21:06 - 2012-08-24 21:07 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-24 21:06 - 2012-08-24 21:07 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-24 21:06 - 2012-08-24 21:07 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-24 21:06 - 2012-08-24 21:07 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-23 15:32 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-08-23 03:14 - 2012-08-23 03:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-08-23 03:14 - 2012-08-23 03:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-08-22 23:18 - 2012-08-22 23:12 - 00004020 ____A C:\Windows\IE9_main.log
2012-08-22 23:17 - 2012-08-22 23:17 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-22 23:17 - 2012-08-22 23:17 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-22 23:17 - 2012-08-22 23:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-22 23:17 - 2012-08-22 23:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-22 23:17 - 2012-08-22 23:17 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-22 23:17 - 2012-08-22 23:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-22 23:17 - 2012-08-22 23:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-22 23:17 - 2012-08-22 23:17 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-22 23:17 - 2012-08-22 23:17 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-22 23:17 - 2012-08-22 23:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-22 23:17 - 2012-08-22 23:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-22 23:17 - 2012-08-22 23:17 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-22 23:17 - 2012-08-22 23:17 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-22 23:17 - 2006-11-02 04:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2012-08-22 23:17 - 2006-11-02 04:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2012-08-22 23:17 - 2006-11-01 22:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-08-22 23:17 - 2006-11-01 22:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-08-22 23:15 - 2012-08-22 23:15 - 03548672 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 03068416 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 02873344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 02002944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01653760 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01554432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01461760 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01268224 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01257984 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01204224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01172480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01075712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 01032192 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-08-22 23:15 - 2012-08-22 23:15 - 01029120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00979456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00900480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-08-22 23:15 - 2012-08-22 23:15 - 00876032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00847360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00834048 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00748544 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00683008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00625152 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00586240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00566272 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00486400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00428544 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00377344 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-08-22 23:15 - 2012-08-22 23:15 - 00357376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00327680 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00287232 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00261632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00258048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2012-08-22 23:15 - 2012-08-22 23:15 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00209920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00195072 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00160768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00135680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00098816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-08-22 23:15 - 2012-08-22 23:15 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2012-08-22 23:14 - 2012-08-22 23:14 - 01209856 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00792576 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00519680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00449024 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00411648 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00369664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-08-22 23:14 - 2012-08-22 23:14 - 00321024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00262656 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2012-08-22 23:14 - 2012-08-22 23:14 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00195584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2012-08-22 23:14 - 2012-08-22 23:14 - 00189440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2012-08-14 21:25 - 2012-04-13 14:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 21:25 - 2011-08-22 02:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-14 12:40 - 2012-08-14 12:40 - 00000000 ____A C:\Windows\setuperr.log
2012-08-13 17:10 - 2012-08-13 17:10 - 00070760 ____A C:\Users\Jesson\Local Settings\GDIPFONTCACHEV1.DAT
2012-08-13 17:10 - 2012-08-13 17:10 - 00070760 ____A C:\Users\Jesson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-08-13 17:10 - 2012-08-13 17:10 - 00070760 ____A C:\Users\Jesson\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-13 16:04 - 2012-08-13 16:04 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-08-13 16:03 - 2012-08-13 16:03 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-08-13 15:54 - 2012-08-13 15:54 - 00000036 ____A C:\Users\Jesson\Local Settings\housecall.guid.cache
2012-08-13 15:54 - 2012-08-13 15:54 - 00000036 ____A C:\Users\Jesson\Local Settings\Application Data\housecall.guid.cache
2012-08-13 15:54 - 2012-08-13 15:54 - 00000036 ____A C:\Users\Jesson\AppData\Local\housecall.guid.cache
2012-08-13 13:04 - 2012-08-13 13:04 - 07921752 ____A (Trend Micro Inc.) C:\Users\Jesson\Downloads\attk_far_gui_x64.exe
2012-08-10 18:21 - 2010-07-26 20:53 - 00000943 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-08-10 18:21 - 2010-07-26 20:53 - 00000943 ____A C:\Users\All Users\Desktop\StarCraft II.lnk
2012-08-04 20:00 - 2012-08-04 20:00 - 00138802 ____A C:\Users\Jesson\Desktop\b266e047825ba8f59c86ccd66caad393.jpeg
2012-08-02 00:36 - 2008-08-26 22:31 - 00213504 ____A C:\Users\Jesson\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-02 00:36 - 2008-08-26 22:31 - 00213504 ____A C:\Users\Jesson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-02 00:36 - 2008-08-26 22:31 - 00213504 ____A C:\Users\Jesson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-23 15:18 - 2012-02-08 23:51 - 00002497 ____A C:\Users\Public\Desktop\WoW Model Viewer 64-bit.lnk
2012-07-23 15:18 - 2012-02-08 23:51 - 00002497 ____A C:\Users\All Users\Desktop\WoW Model Viewer 64-bit.lnk
2012-07-03 09:46 - 2012-02-06 22:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-08 09:59 - 2012-07-10 17:53 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-10 17:53 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 08:47 - 2012-07-10 17:53 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-10 17:53 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-10 17:53 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-10 17:53 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-07-10 17:53 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

ZeroAccess:
C:\Windows\Installer\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}
C:\Windows\Installer\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}\L
C:\Windows\Installer\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}\U

ZeroAccess:
C:\Users\Jesson\AppData\Local\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}
C:\Users\Jesson\AppData\Local\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}\@
C:\Users\Jesson\AppData\Local\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}\L
C:\Users\Jesson\AppData\Local\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}\n
C:\Users\Jesson\AppData\Local\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 3838.38 MB
Available physical RAM: 3358.17 MB
Total Pagefile: 3712.3 MB
Available Pagefile: 3472.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Partition_1) (Fixed) (Total:450.3 GB) (Free:126.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
7 Drive i: (DIABLO II) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
8 Drive x: (Recovery) (Fixed) (Total:15.46 GB) (Free:7.95 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1528 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 32 KB
Partition 2 Primary 450 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 X Recovery NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C Partition_1 NTFS Partition 450 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 564 KB

==================================================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 I DIABLO II FAT32 Removable 3823 MB Healthy

==================================================================================

Last Boot: 2012-09-01 15:23

======================= End Of Log ==========================

#4 CatByte

Posted 01 September 2012 - 07:12 PM

No, we don't need it, as FRST is showing the MD5 for services.exe is legit, so we are OK.

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\Installer\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}
C:\Users\Jesson\AppData\Local\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.



NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Jesson125

Posted 01 September 2012 - 08:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012
Ran by SYSTEM at 2012-09-01 20:48:25 Run:1
Running from D:\

==============================================

C:\Windows\Installer\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02} moved successfully.
C:\Users\Jesson\AppData\Local\{b3fd0a3e-c0a9-cc91-bdbf-6d4702427f02} moved successfully.

==== End of Fixlog ====


ComboFix 12-08-31.08 - Jesson 09/01/2012 21:06:15.3.3 - x64
Running from: c:\users\Jesson\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 03:27 . 2012-09-02 03:27 -------- d-----w- C:\FRST
2012-08-30 07:39 . 2012-08-30 07:39 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-25 05:15 . 2012-08-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-25 05:07 . 2012-08-25 05:06 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-25 05:07 . 2012-08-25 05:06 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-25 05:07 . 2012-08-25 05:06 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-25 05:07 . 2012-08-25 05:06 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-25 05:07 . 2012-08-25 05:06 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-25 05:07 . 2012-08-25 05:06 188904 ----a-w- c:\windows\system32\java.exe
2012-08-25 05:06 . 2012-08-25 05:06 -------- d-----w- c:\program files\Java
2012-08-23 11:15 . 2012-08-23 11:15 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-08-23 11:15 . 2012-08-23 11:15 -------- d-----w- c:\program files\Windows Portable Devices
2012-08-23 11:15 . 2012-08-23 11:15 -------- d-----w- c:\windows\SysWow64\spool
2012-08-23 07:15 . 2012-08-23 07:15 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-08-23 07:14 . 2012-08-23 07:14 3584 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-08-23 07:04 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-08-23 07:04 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-08-23 07:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-08-23 07:04 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-08-23 07:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-08-23 07:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-08-23 07:03 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-08-23 07:03 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 07:03 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-23 07:03 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-23 07:03 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-23 07:03 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-23 07:03 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-14 00:04 . 2012-08-14 00:04 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-08-14 00:03 . 2012-08-14 00:03 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-06 11:04 . 2012-08-06 11:04 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-06 11:04 . 2012-08-06 11:04 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 05:25 . 2012-04-13 22:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:25 . 2011-08-22 10:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-02-07 06:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 17:59 . 2012-07-11 01:53 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 01:53 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 01:53 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 01:53 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 01:53 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 01:53 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ButtonMonitor"="c:\program files (x86)\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BYRUA_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2012-07-27 396408]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Jesson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jesson\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 05:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jesson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5692
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jesson\AppData\Roaming\Mozilla\Firefox\Profiles\nscq00pb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.thepittsburghchannel.com/index.html
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3968901160-2759726070-778273491-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:47,fb,46,40,5d,5d,35,f2,0a,16,45,7c,f9,f7,fd,66,92,6a,79,97,c3,6f,f5,
f8,e0,8a,55,b7,85,b7,52,eb,19,26,71,8e,e4,6a,3a,48,68,fa,65,cc,f9,9b,74,cb,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-3968901160-2759726070-778273491-1000\Software\SecuROM\License information*]
"datasecu"=hex:61,eb,17,96,0b,87,2a,7d,5b,37,a0,90,75,1f,3a,71,ae,9d,d3,f3,0c,
d7,b7,57,4e,a4,3e,9a,bb,5a,fa,46,3e,6a,36,c1,93,f9,eb,a7,23,81,5a,7b,82,ef,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-01 21:18:33
ComboFix-quarantined-files.txt 2012-09-02 01:18
.
Pre-Run: 135,431,778,304 bytes free
Post-Run: 136,342,032,384 bytes free
.
- - End Of File - - 99A5EC301AD44D628C14B17175DAC119

#6 CatByte

Posted 01 September 2012 - 08:25 PM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


#7 Jesson125

Posted 02 September 2012 - 12:07 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jesson :: JESSON-PC [administrator]

9/1/2012 10:16:12 PM
mbam-log-2012-09-01 (22-16-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227314
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The ESET online scan also detected no threats, and did not produce a log.

#8 CatByte

Posted 02 September 2012 - 07:33 AM

Please run the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT



Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Jesson125

Posted 02 September 2012 - 06:31 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jesson (administrator) on 02-09-2012 at 19:20:58
Windows ™ Vista Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.socks_version", 0
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Apple Mobile Device Support (Version: 3.3.1.3)
ATI Catalyst Install Manager (Version: 3.0.664.0)
Bonjour (Version: 2.0.4.0)
ccc-utility64 (Version: 2008.0309.2141.36947)
Dropbox (Version: 1.4.7)
iTunes (Version: 10.1.2.17)
Java 7 Update 6 (64-bit) (Version: 7.0.60)
Marvell Miniport Driver (Version: 10.51.4.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Paint.NET v3.5.8 (Version: 3.58.0)
Soft Data Fax Modem with SmartCP
TeamSpeak 3 Client
Ventrilo Client for Windows x64 (Version: 3.0.3.8)
VTFEdit 1.3.2
Warcraft III: All Products
World of Warcraft Model Viewer 64-bit (Version: 07.03.000)

**** End of log ****


Farbar Service Scanner Version: 06-08-2012
Ran by Jesson (administrator) on 02-09-2012 at 19:22:18
Running from "C:\Users\Jesson\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-24 00:30] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-04-21 01:03] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 19:07] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 20:23] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-24 00:30] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-24 00:29] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-24 00:30] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-24 00:29] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-24 00:30] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-24 00:30] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-24 00:30] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 18:58] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-24 00:30] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****


My computer appears to be running fine. However, my Norton 360 security history notes a medium-level threat from a svchost.exe that occurred today.

#10 CatByte

Posted 02 September 2012 - 07:36 PM

Your BITS registry key is missing, so we need to replace it or your Windows Update won't work. Please download the attached registry fix and extract it to your desktop.
Right-click and choose to Merge it into your registry (then delete the file, as you won't need it again).



Now reboot the computer and check that Windows Update is working correctly.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Jesson125

Posted 02 September 2012 - 09:32 PM

Windows Update is working properly. There were some updates available, so I went ahead and installed them. The only threat found with TDSSKiller was the TDSS File system; cure was not available.

22:26:39.0911 4620 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:26:41.0913 4620 ============================================================
22:26:41.0913 4620 Current date / time: 2012/09/02 22:26:41.0913
22:26:41.0913 4620 SystemInfo:
22:26:41.0913 4620
22:26:41.0913 4620 OS Version: 6.0.6002 ServicePack: 2.0
22:26:41.0913 4620 Product type: Workstation
22:26:41.0913 4620 ComputerName: JESSON-PC
22:26:41.0913 4620 UserName: Jesson
22:26:41.0913 4620 Windows directory: C:\Windows
22:26:41.0913 4620 System windows directory: C:\Windows
22:26:41.0913 4620 Running under WOW64
22:26:41.0914 4620 Processor architecture: Intel x64
22:26:41.0914 4620 Number of processors: 3
22:26:41.0914 4620 Page size: 0x1000
22:26:41.0914 4620 Boot type: Normal boot
22:26:41.0914 4620 ============================================================
22:26:44.0256 4620 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:44.0330 4620 ============================================================
22:26:44.0330 4620 \Device\Harddisk0\DR0:
22:26:44.0342 4620 MBR partitions:
22:26:44.0342 4620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1EEAD23
22:26:44.0342 4620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EEAD62, BlocksNum 0x38499EDF
22:26:44.0342 4620 ============================================================
22:26:44.0433 4620 C: <-> \Device\Harddisk0\DR0\Partition2
22:26:44.0469 4620 D: <-> \Device\Harddisk0\DR0\Partition1
22:26:44.0470 4620 ============================================================
22:26:44.0470 4620 Initialize success
22:26:44.0470 4620 ============================================================
22:27:45.0902 4796 ============================================================
22:27:45.0902 4796 Scan started
22:27:45.0902 4796 Mode: Manual; TDLFS;
22:27:45.0902 4796 ============================================================
22:27:47.0067 4796 ================ Scan system memory ========================
22:27:47.0067 4796 System memory - ok
22:27:47.0067 4796 ================ Scan services =============================
22:27:57.0228 4796 Msfs - ok
22:27:57.0250 4796 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:27:57.0251 4796 msisadrv - ok
22:27:57.0284 4796 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:27:57.0287 4796 MSiSCSI - ok
22:27:57.0292 4796 msiserver - ok
22:27:57.0326 4796 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:27:57.0327 4796 MSKSSRV - ok
22:27:57.0350 4796 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:57.0351 4796 MSPCLOCK - ok
22:27:57.0369 4796 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:27:57.0370 4796 MSPQM - ok
22:27:57.0401 4796 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:27:57.0412 4796 MsRPC - ok
22:27:57.0446 4796 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:27:57.0447 4796 mssmbios - ok
22:27:57.0469 4796 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:27:57.0471 4796 MSTEE - ok
22:27:57.0487 4796 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
22:27:57.0488 4796 Mup - ok
22:27:57.0538 4796 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
22:27:57.0539 4796 N360 - ok
22:27:57.0556 4796 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
22:27:57.0592 4796 napagent - ok
22:27:57.0628 4796 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:27:57.0631 4796 NativeWifiP - ok
22:27:57.0703 4796 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120902.007\ENG64.SYS
22:27:57.0721 4796 NAVENG - ok
22:27:58.0272 4796 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120902.007\EX64.SYS
22:27:58.0336 4796 NAVEX15 - ok
22:27:58.0470 4796 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:27:58.0517 4796 NDIS - ok
22:27:58.0546 4796 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:58.0557 4796 NdisTapi - ok
22:27:58.0571 4796 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:58.0601 4796 Ndisuio - ok
22:27:58.0686 4796 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:58.0712 4796 NdisWan - ok
22:27:58.0738 4796 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:27:58.0752 4796 NDProxy - ok
22:27:58.0771 4796 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:27:58.0786 4796 NetBIOS - ok
22:27:58.0835 4796 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:27:58.0852 4796 netbt - ok
22:27:58.0873 4796 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
22:27:58.0874 4796 Netlogon - ok
22:27:58.0929 4796 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
22:27:58.0942 4796 Netman - ok
22:27:59.0004 4796 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
22:27:59.0014 4796 netprofm - ok
22:27:59.0050 4796 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:27:59.0059 4796 NetTcpPortSharing - ok
22:27:59.0073 4796 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:27:59.0078 4796 nfrd960 - ok
22:27:59.0112 4796 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
22:27:59.0120 4796 NlaSvc - ok
22:27:59.0159 4796 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:27:59.0160 4796 Npfs - ok
22:27:59.0172 4796 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
22:27:59.0174 4796 nsi - ok
22:27:59.0199 4796 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:27:59.0210 4796 nsiproxy - ok
22:27:59.0466 4796 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:27:59.0519 4796 Ntfs - ok
22:27:59.0540 4796 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
22:27:59.0552 4796 Null - ok
22:27:59.0566 4796 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:27:59.0577 4796 nvraid - ok
22:27:59.0597 4796 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:27:59.0608 4796 nvstor - ok
22:27:59.0626 4796 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:27:59.0633 4796 nv_agp - ok
22:27:59.0637 4796 NwlnkFlt - ok
22:27:59.0644 4796 NwlnkFwd - ok
22:27:59.0796 4796 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:27:59.0813 4796 odserv - ok
22:27:59.0862 4796 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:27:59.0865 4796 ohci1394 - ok
22:27:59.0904 4796 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:59.0920 4796 ose - ok
22:28:00.0064 4796 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:28:00.0093 4796 p2pimsvc - ok
22:28:00.0108 4796 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
22:28:00.0114 4796 p2psvc - ok
22:28:00.0163 4796 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:28:00.0165 4796 Parport - ok
22:28:00.0196 4796 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:28:00.0202 4796 partmgr - ok
22:28:00.0241 4796 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
22:28:00.0244 4796 PcaSvc - ok
22:28:00.0292 4796 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
22:28:00.0306 4796 pci - ok
22:28:00.0330 4796 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
22:28:00.0337 4796 pciide - ok
22:28:00.0401 4796 [ A2D6B9C3F532BAA27CB0C158D8EF4DA6 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:28:00.0436 4796 pcmcia - ok
22:28:00.0525 4796 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:28:00.0548 4796 PEAUTH - ok
22:28:00.0731 4796 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:28:00.0744 4796 PerfHost - ok
22:28:00.0874 4796 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
22:28:00.0925 4796 pla - ok
22:28:00.0989 4796 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:28:01.0002 4796 PlugPlay - ok
22:28:01.0022 4796 PnkBstrA - ok
22:28:01.0029 4796 PnkBstrK - ok
22:28:01.0092 4796 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:28:01.0099 4796 PNRPAutoReg - ok
22:28:01.0122 4796 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:28:01.0129 4796 PNRPsvc - ok
22:28:01.0168 4796 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:28:01.0181 4796 PolicyAgent - ok
22:28:01.0217 4796 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:28:01.0230 4796 PptpMiniport - ok
22:28:01.0261 4796 [ 6135B976E16F80C1B1363BE882344785 ] PrismXL C:\Program Files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
22:28:01.0276 4796 PrismXL - ok
22:28:01.0330 4796 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:28:01.0338 4796 Processor - ok
22:28:01.0372 4796 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
22:28:01.0385 4796 ProfSvc - ok
22:28:01.0406 4796 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
22:28:01.0407 4796 ProtectedStorage - ok
22:28:01.0444 4796 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:28:01.0457 4796 PSched - ok
22:28:01.0727 4796 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:28:01.0767 4796 ql2300 - ok
22:28:01.0787 4796 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:28:01.0790 4796 ql40xx - ok
22:28:01.0874 4796 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
22:28:01.0893 4796 QWAVE - ok
22:28:01.0915 4796 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:28:01.0922 4796 QWAVEdrv - ok
22:28:02.0751 4796 [ 60216B0E704584DE6D5A9F59E9C34C47 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
22:28:02.0814 4796 R300 - ok
22:28:02.0869 4796 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:28:02.0882 4796 RasAcd - ok
22:28:02.0915 4796 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
22:28:02.0929 4796 RasAuto - ok
22:28:02.0964 4796 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:28:02.0973 4796 Rasl2tp - ok
22:28:03.0031 4796 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
22:28:03.0048 4796 RasMan - ok
22:28:03.0074 4796 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:28:03.0083 4796 RasPppoe - ok
22:28:03.0103 4796 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:28:03.0281 4796 RasSstp - ok
22:28:03.0334 4796 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:28:03.0399 4796 rdbss - ok
22:28:03.0449 4796 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:28:03.0457 4796 RDPCDD - ok
22:28:03.0490 4796 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:28:03.0496 4796 rdpdr - ok
22:28:03.0656 4796 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:28:03.0669 4796 RDPENCDD - ok
22:28:03.0749 4796 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:28:03.0752 4796 RDPWD - ok
22:28:03.0792 4796 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:28:03.0800 4796 RemoteAccess - ok
22:28:03.0844 4796 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:28:03.0853 4796 RemoteRegistry - ok
22:28:03.0882 4796 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
22:28:03.0896 4796 RpcLocator - ok
22:28:03.0950 4796 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
22:28:03.0955 4796 RpcSs - ok
22:28:03.0971 4796 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:28:03.0973 4796 rspndr - ok
22:28:03.0989 4796 [ 0328FFDF9D805723D0E420018136FA7B ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:28:03.0992 4796 RTHDMIAzAudService - ok
22:28:04.0021 4796 [ 15C2F0082D5E1CE5124EDA4050E77986 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
22:28:04.0023 4796 RTSTOR - ok
22:28:04.0039 4796 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
22:28:04.0041 4796 SamSs - ok
22:28:04.0059 4796 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:28:04.0061 4796 sbp2port - ok
22:28:04.0086 4796 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:28:04.0090 4796 SCardSvr - ok
22:28:04.0138 4796 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
22:28:04.0163 4796 Schedule - ok
22:28:04.0220 4796 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:28:04.0221 4796 SCPolicySvc - ok
22:28:04.0250 4796 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:28:04.0262 4796 sdbus - ok
22:28:04.0292 4796 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:28:04.0295 4796 SDRSVC - ok
22:28:04.0305 4796 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:28:04.0306 4796 secdrv - ok
22:28:04.0314 4796 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
22:28:04.0316 4796 seclogon - ok
22:28:04.0336 4796 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
22:28:04.0338 4796 SENS - ok
22:28:04.0379 4796 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:28:04.0389 4796 Serenum - ok
22:28:04.0409 4796 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:28:04.0421 4796 Serial - ok
22:28:04.0460 4796 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:28:04.0473 4796 sermouse - ok
22:28:04.0501 4796 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
22:28:04.0504 4796 SessionEnv - ok
22:28:04.0547 4796 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:28:04.0570 4796 sffdisk - ok
22:28:04.0604 4796 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:28:04.0629 4796 sffp_mmc - ok
22:28:04.0647 4796 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:28:04.0649 4796 sffp_sd - ok
22:28:04.0666 4796 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:28:04.0676 4796 sfloppy - ok
22:28:04.0782 4796 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:28:04.0837 4796 SharedAccess - ok
22:28:04.0947 4796 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:28:04.0965 4796 ShellHWDetection - ok
22:28:04.0983 4796 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:28:04.0988 4796 SiSRaid2 - ok
22:28:05.0004 4796 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:28:05.0041 4796 SiSRaid4 - ok
22:28:05.0365 4796 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
22:28:05.0470 4796 slsvc - ok
22:28:05.0511 4796 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:28:05.0523 4796 SLUINotify - ok
22:28:05.0571 4796 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:28:05.0594 4796 Smb - ok
22:28:05.0622 4796 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:28:05.0632 4796 SNMPTRAP - ok
22:28:05.0667 4796 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
22:28:05.0679 4796 spldr - ok
22:28:05.0748 4796 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
22:28:05.0753 4796 Spooler - ok
22:28:05.0881 4796 [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
22:28:05.0902 4796 SRTSP - ok
22:28:05.0925 4796 [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
22:28:05.0926 4796 SRTSPX - ok
22:28:06.0005 4796 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
22:28:06.0089 4796 srv - ok
22:28:06.0146 4796 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:28:06.0158 4796 srv2 - ok
22:28:06.0204 4796 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:28:06.0216 4796 srvnet - ok
22:28:06.0256 4796 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:28:06.0268 4796 SSDPSRV - ok
22:28:06.0291 4796 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:28:06.0294 4796 SstpSvc - ok
22:28:06.0376 4796 Steam Client Service - ok
22:28:06.0491 4796 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
22:28:06.0513 4796 stisvc - ok
22:28:06.0543 4796 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:28:06.0551 4796 swenum - ok
22:28:06.0617 4796 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
22:28:06.0630 4796 swprv - ok
22:28:06.0648 4796 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:28:06.0662 4796 Symc8xx - ok
22:28:06.0731 4796 [ 659B227A72B76115975A6A9491B2FE1F ] SymDS C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
22:28:06.0757 4796 SymDS - ok
22:28:06.0805 4796 [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
22:28:06.0823 4796 SymEFA - ok
22:28:06.0883 4796 [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:28:06.0915 4796 SymEvent - ok
22:28:06.0939 4796 [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
22:28:06.0951 4796 SymIRON - ok
22:28:06.0997 4796 [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
22:28:07.0022 4796 SYMTDIv - ok
22:28:07.0044 4796 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:28:07.0046 4796 Sym_hi - ok
22:28:07.0071 4796 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:28:07.0094 4796 Sym_u3 - ok
22:28:07.0207 4796 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
22:28:07.0243 4796 SysMain - ok
22:28:07.0273 4796 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:28:07.0276 4796 TabletInputService - ok
22:28:07.0362 4796 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:28:07.0371 4796 TapiSrv - ok
22:28:07.0385 4796 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
22:28:07.0387 4796 TBS - ok
22:28:07.0650 4796 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:28:07.0695 4796 Tcpip - ok
22:28:07.0737 4796 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:28:07.0747 4796 Tcpip6 - ok
22:28:07.0786 4796 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:28:07.0795 4796 tcpipreg - ok
22:28:07.0832 4796 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:28:07.0843 4796 TDPIPE - ok
22:28:07.0864 4796 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:28:07.0874 4796 TDTCP - ok
22:28:07.0901 4796 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:28:07.0929 4796 tdx - ok
22:28:07.0944 4796 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:28:07.0945 4796 TermDD - ok
22:28:07.0989 4796 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
22:28:08.0002 4796 TermService - ok
22:28:08.0027 4796 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
22:28:08.0030 4796 Themes - ok
22:28:08.0061 4796 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
22:28:08.0063 4796 THREADORDER - ok
22:28:08.0081 4796 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
22:28:08.0084 4796 TrkWks - ok
22:28:08.0153 4796 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:28:08.0166 4796 TrustedInstaller - ok
22:28:08.0192 4796 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:28:08.0202 4796 tssecsrv - ok
22:28:08.0221 4796 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:28:08.0222 4796 tunmp - ok
22:28:08.0267 4796 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:28:08.0280 4796 tunnel - ok
22:28:08.0290 4796 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:28:08.0302 4796 uagp35 - ok
22:28:08.0373 4796 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:28:08.0386 4796 udfs - ok
22:28:08.0397 4796 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:28:08.0399 4796 UI0Detect - ok
22:28:08.0420 4796 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:28:08.0432 4796 uliagpkx - ok
22:28:08.0472 4796 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:28:08.0484 4796 uliahci - ok
22:28:08.0509 4796 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:28:08.0512 4796 UlSata - ok
22:28:08.0553 4796 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:28:08.0565 4796 ulsata2 - ok
22:28:08.0581 4796 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:28:08.0587 4796 umbus - ok
22:28:08.0632 4796 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
22:28:08.0636 4796 UMPass - ok
22:28:08.0707 4796 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
22:28:08.0717 4796 upnphost - ok
22:28:08.0756 4796 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:28:08.0933 4796 USBAAPL64 - ok
22:28:08.0986 4796 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:28:09.0058 4796 usbccgp - ok
22:28:09.0077 4796 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:28:09.0089 4796 usbcir - ok
22:28:09.0179 4796 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:28:09.0186 4796 usbehci - ok
22:28:09.0259 4796 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:28:09.0263 4796 usbhub - ok
22:28:09.0300 4796 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:28:09.0304 4796 usbohci - ok
22:28:09.0326 4796 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:28:09.0338 4796 usbprint - ok
22:28:09.0379 4796 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:28:09.0388 4796 USBSTOR - ok
22:28:09.0412 4796 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:28:09.0419 4796 usbuhci - ok
22:28:09.0454 4796 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
22:28:09.0456 4796 UxSms - ok
22:28:09.0541 4796 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
22:28:09.0564 4796 vds - ok
22:28:09.0594 4796 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:28:09.0606 4796 vga - ok
22:28:09.0625 4796 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:28:09.0640 4796 VgaSave - ok
22:28:09.0706 4796 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
22:28:09.0721 4796 viaide - ok
22:28:09.0742 4796 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:28:09.0750 4796 volmgr - ok
22:28:09.0807 4796 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:28:09.0865 4796 volmgrx - ok
22:28:09.0914 4796 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:28:09.0919 4796 volsnap - ok
22:28:09.0948 4796 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:28:09.0951 4796 vsmraid - ok
22:28:10.0185 4796 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
22:28:10.0205 4796 VSS - ok
22:28:10.0264 4796 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
22:28:10.0276 4796 W32Time - ok
22:28:10.0300 4796 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:28:10.0310 4796 WacomPen - ok
22:28:10.0349 4796 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:28:10.0357 4796 Wanarp - ok
22:28:10.0364 4796 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:28:10.0365 4796 Wanarpv6 - ok
22:28:10.0472 4796 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:28:10.0494 4796 wcncsvc - ok
22:28:10.0520 4796 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:28:10.0528 4796 WcsPlugInService - ok
22:28:10.0564 4796 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
22:28:10.0569 4796 Wd - ok
22:28:10.0648 4796 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:28:10.0668 4796 Wdf01000 - ok
22:28:10.0680 4796 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:28:10.0683 4796 WdiServiceHost - ok
22:28:10.0698 4796 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:28:10.0700 4796 WdiSystemHost - ok
22:28:10.0719 4796 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
22:28:10.0738 4796 WebClient - ok
22:28:10.0779 4796 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:28:10.0787 4796 Wecsvc - ok
22:28:10.0794 4796 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:28:10.0815 4796 wercplsupport - ok
22:28:10.0836 4796 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
22:28:10.0843 4796 WerSvc - ok
22:28:10.0955 4796 [ D36AF55C2C09B55AACF4A65C7FEA9C37 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
22:28:11.0059 4796 winachsf - ok
22:28:11.0094 4796 WinDefend - ok
22:28:11.0099 4796 WinHttpAutoProxySvc - ok
22:28:11.0227 4796 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:28:11.0237 4796 Winmgmt - ok
22:28:11.0491 4796 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
22:28:11.0570 4796 WinRM - ok
22:28:11.0671 4796 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:28:11.0740 4796 Wlansvc - ok
22:28:11.0769 4796 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:28:11.0771 4796 WmiAcpi - ok
22:28:11.0825 4796 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:28:11.0830 4796 wmiApSrv - ok
22:28:11.0837 4796 WMPNetworkSvc - ok
22:28:11.0885 4796 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:28:11.0892 4796 WPCSvc - ok
22:28:11.0934 4796 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:28:11.0937 4796 WPDBusEnum - ok
22:28:11.0977 4796 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:28:11.0994 4796 WpdUsb - ok
22:28:12.0138 4796 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:28:12.0268 4796 WPFFontCache_v0400 - ok
22:28:12.0289 4796 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:28:12.0302 4796 ws2ifsl - ok
22:28:12.0347 4796 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
22:28:12.0350 4796 wscsvc - ok
22:28:12.0354 4796 WSearch - ok
22:28:12.0473 4796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:28:12.0568 4796 wuauserv - ok
22:28:12.0620 4796 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:28:12.0634 4796 WUDFRd - ok
22:28:12.0665 4796 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:28:12.0668 4796 wudfsvc - ok
22:28:12.0696 4796 [ E288FA83C178A3458BAC1FA80B346C06 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
22:28:12.0701 4796 XAudio - ok
22:28:12.0727 4796 [ 510652A925B5D6C3892379D263A87F00 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
22:28:12.0734 4796 XAudioService - ok
22:28:12.0760 4796 [ 2AE06B41B36549FABF0886B2AF89A599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
22:28:12.0778 4796 yukonx64 - ok
22:28:12.0784 4796 ================ Scan global ===============================
22:28:12.0822 4796 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:28:12.0903 4796 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:28:12.0945 4796 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:28:13.0005 4796 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:28:13.0018 4796 [Global] - ok
22:28:13.0019 4796 ================ Scan MBR ==================================
22:28:13.0035 4796 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:28:14.0648 4796 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:28:14.0648 4796 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:28:14.0648 4796 ================ Scan VBR ==================================
22:28:14.0652 4796 [ 65687D4FC3D8FD0E2D61FE44E7F65B80 ] \Device\Harddisk0\DR0\Partition1
22:28:14.0655 4796 \Device\Harddisk0\DR0\Partition1 - ok
22:28:14.0658 4796 [ D0C606C55FE7039A3EAF3A68911679B3 ] \Device\Harddisk0\DR0\Partition2
22:28:14.0659 4796 \Device\Harddisk0\DR0\Partition2 - ok
22:28:14.0660 4796 ============================================================
22:28:14.0660 4796 Scan finished
22:28:14.0660 4796 ============================================================
22:28:14.0671 4776 Detected object count: 1
22:28:14.0671 4776 Actual detected object count: 1
22:29:04.0369 4776 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:29:04.0369 4776 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:29:14.0008 4636 Deinitialize success

#12 CatByte

  • Malware Response Team

Posted 02 September 2012 - 09:44 PM

OK, good. Please re-run TDSSKiller with the same parameters; this time choose to "delete" the TDSS file system.

Please advise how the computer is running now and if there are any outstanding issues.

Edited by CatByte, 02 September 2012 - 09:44 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Jesson125


Posted 02 September 2012 - 11:24 PM

As soon as TDSSKiller deleted the TDSS file system, my antivirus alerted me to 4 trojans and 1 rootkit all stemming from c:\tdsskiller_quarantine\etc....

It appears to have blocked them.

Edited by Jesson125, 02 September 2012 - 11:26 PM.


#14 CatByte


Posted 03 September 2012 - 07:24 AM

You don't need to worry about those detections; as they are already in quarantine, they can no longer harm your computer.

How is the computer running now?

Are there any outstanding issues?



#15 Jesson125


Posted 03 September 2012 - 02:59 PM

No other issues. Everything appears to be in order.



