Zeroaccess C Relapse?


  • This topic is locked
27 replies to this topic

#1 z3n_Force

Posted 22 March 2014 - 12:43 AM

Hello,

A few months ago I seemingly got rid of a Zeroaccess B & C variant. Combined or singular, I have no idea, but that's what Norton was reporting.

Anyway, on to business.

I noticed a folder today.
It was called 34BE82C4-E596-4e99-A191-52C6199EBF69.

It was very out of place, so I did a quick Google search with zeroaccess tacked on. An old post from this forum with the folder being deleted by ComboFix appeared.

So it seems I may need real help from you guys, not just old forum posts.

To start us off, here's a ComboFix log.

ComboFix 14-03-19.01 - owner 22/03/2014   1:29.7.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.32713.28643 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-22 to 2014-03-22  )))))))))))))))))))))))))))))))
.
.
2014-03-22 05:33 . 2014-03-22 05:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-22 05:33 . 2014-03-22 05:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-22 04:44 . 2014-03-22 04:44 -------- d-----w- c:\users\owner\AppData\Local\Privatefirewall
2014-03-22 04:37 . 2013-09-30 01:24 133152 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-03-22 04:37 . 2014-03-22 04:37 -------- d-----w- c:\programdata\Privacyware
2014-03-22 04:37 . 2014-03-22 04:37 -------- d-----w- c:\program files (x86)\Privacyware
2014-03-22 04:33 . 2014-03-22 04:34 -------- d-----w- c:\program files\HitmanPro
2014-03-22 03:18 . 2014-03-22 03:18 -------- d-----w- c:\users\owner\AppData\Roaming\Opera Software
2014-03-22 03:18 . 2014-03-22 03:18 -------- d-----w- c:\users\owner\AppData\Local\Opera Software
2014-03-22 03:18 . 2014-03-22 03:18 -------- d-----w- c:\program files (x86)\Opera
2014-03-21 05:39 . 2014-03-22 03:04 -------- d-----w- c:\windows\system32\catroot2
2014-03-21 05:35 . 2014-03-22 04:44 -------- d-----w- c:\windows\system32\wbem\repository
2014-03-21 05:35 . 2014-03-21 05:35 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-03-21 05:30 . 2014-03-21 05:41 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-03-21 05:29 . 2014-03-21 05:29 -------- d-----w- C:\RegBackup
2014-03-21 04:55 . 2014-03-21 05:05 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-21 04:46 . 2014-03-21 04:46 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-03-19 08:45 . 2014-03-19 08:55 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-19 08:27 . 2014-03-19 08:27 -------- d-----w- c:\programdata\Kaspersky Lab
2014-03-19 08:11 . 2014-03-19 08:14 309320 ----a-w- c:\windows\SysWow64\drivers\TrufosAlt.sys
2014-03-19 07:45 . 2014-03-19 07:45 -------- d-----w- c:\program files (x86)\ESET
2014-03-19 05:09 . 2014-03-19 05:09 -------- d-----w- c:\windows\system32\drivers\N360x64\1502000.026
2014-03-15 13:17 . 2014-03-15 13:17 -------- d-----w- C:\tmp
2014-03-09 02:01 . 2014-03-09 02:03 -------- d-----w- c:\programdata\SUPERSetup
2014-03-07 22:52 . 2014-03-07 22:52 -------- d-----w- c:\users\owner\AppData\Roaming\Winff
2014-03-06 05:15 . 2014-03-06 05:25 -------- d-----w- c:\program files\WinFF
2014-03-05 00:26 . 2014-03-05 00:52 -------- d-----w- c:\users\owner\AppData\Roaming\TeamViewer
2014-03-05 00:23 . 2014-03-05 00:23 -------- d-----w- c:\program files (x86)\TeamViewer
2014-02-27 18:51 . 2014-02-27 19:04 -------- d-----w- c:\users\owner\AppData\Local\ESL Wire Game Client
2014-02-27 18:51 . 2014-02-27 18:51 -------- d-----w- c:\program files\EslWire
2014-02-27 18:51 . 2014-02-27 18:51 -------- d-----w- c:\programdata\ESL Wire
2014-02-27 17:41 . 2014-02-27 17:41 -------- d-----w- c:\users\owner\AppData\Roaming\OpenVPN Technologies
2014-02-27 17:41 . 2014-02-27 17:41 -------- d-----w- c:\users\owner\AppData\Local\OpenVPN Technologies
2014-02-27 17:35 . 2014-02-27 17:38 -------- d-----w- c:\users\owner\AppData\Roaming\PrivateTunnel
2014-02-27 17:35 . 2014-02-27 17:41 -------- d-----w- c:\program files (x86)\OpenVPN Technologies
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:55 . 2013-05-25 21:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:55 . 2013-05-25 21:43 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-09 01:47 . 2013-12-31 18:16 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-14 00:01 . 2014-02-13 13:17 128320 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-16 14:43 . 2014-01-16 14:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-24 15:40 . 2013-05-29 00:12 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-10-23 06:39 . 2013-10-24 18:39 44 ----a-w- c:\program files (x86)\a8ec4c03.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-27 04:42 220632 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-27 04:42 220632 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-27 04:42 220632 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"Akamai NetSession Interface"="c:\users\owner\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"icq"="c:\users\owner\AppData\Roaming\ICQM\icq.exe" [2014-02-10 33664344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-11-25 25600]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCE-AC66 WLAN Control Center"="c:\program files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe" [2012-12-03 9440256]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-03-19 302961]
"Privatefirewall"="c:\program files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-5-28 576000]
Samsung Magician.lnk - c:\program files (x86)\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-12-20 4580256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-11-28 1338656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;k:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;k:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GPU-Z;GPU-Z; [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 shy;shy; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [x]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys;c:\windows\SYSNATIVE\DRIVERS\pwipf6.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
S2 PFNet;Privacyware network service;c:\program files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe;c:\program files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-25 18:55]
.
2014-03-22 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-17 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-01-09 05:14 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-27 04:42 244696 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-27 04:42 244696 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-27 04:42 244696 ----a-w- c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-05-09 7144960]
"AsioReg"="CTASIO.DLL" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B2669EF-4A6C-4202-A3B5-0CD09F25CCA3}: NameServer = 209.250.128.6,66.163.0.173
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-22  01:34:41
ComboFix-quarantined-files.txt  2014-03-22 05:34
ComboFix2.txt  2014-03-22 04:04
ComboFix3.txt  2014-03-21 05:23
.
Pre-Run: 42,558,758,912 bytes free
Post-Run: 42,218,274,816 bytes free
.
- - End Of File - - 87C1BC07025B6FF4717C94FAD9B100EA
 




#2 HelpBot

Posted 27 March 2014 - 12:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528301 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 z3n_Force

Posted 27 March 2014 - 12:30 PM

I noticed when I have a CD in my drive, symptoms similar to Zeroaccess start to surface, like an inability to start executables and freezes when loading up my computer. Loading it as last known good configuration let me bypass the freezes but not the inability to start executable files or anything for that matter.

The only thing that let me use my computer as normal was taking out the CD.

I've run many scans through different virus removal utilities to check that the infection was gone... It seems so, but this makes me question once again whether it is truly gone or not.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.51.2
Run by owner at 13:21:08 on 2014-03-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32713.28306 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\EslWire\service\WireHelperSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Users\owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Users\owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\RealTimeProtector.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Users\owner\AppData\Roaming\ICQM\icq.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\DelayLoad.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\owner\AppData\Local\Akamai\netsession_win.exe"
uRun: [icq] C:\Users\owner\AppData\Roaming\ICQM\icq.exe -CU
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [PCE-AC66 WLAN Control Center] C:\Program Files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe /hide
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
mRun: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1B2669EF-4A6C-4202-A3B5-0CD09F25CCA3} : NameServer = 209.250.128.6,66.163.0.173
TCP: Interfaces\{1B2669EF-4A6C-4202-A3B5-0CD09F25CCA3} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5420C432-FD87-4B0D-ACEA-F435E5DA69B9}\2454C4C4038303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583}\1434E42424 : DHCPNameServer = 10.100.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583}\2454C4C4038303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583}\7556374705F696E6473363 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{F66E2C78-9ED6-4C76-AA45-D8F55C74A592} : DHCPNameServer = 195.60.76.114 195.60.76.115
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-Run: [AsioReg] REGSVR32 /S CTASIO.DLL
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-8 19264]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-5-28 21184]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys [2014-3-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys [2014-3-19 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-18 1525976]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys [2014-3-19 162392]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2014-1-17 62168]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140326.001\IDSviA64.sys [2014-3-27 525016]
R1 pwipf6;Privacyware Filter Driver;C:\Windows\System32\drivers\pwipf6.sys [2014-3-22 133152]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys [2014-3-19 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys [2014-3-19 593112]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2014-1-9 881440]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 EslWireHelper;ESL Wire Helper Service;C:\Program Files\EslWire\service\WireHelperSvc.exe [2014-2-27 663056]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-3-22 127752]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-8 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-5-8 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-20 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe [2014-3-19 265040]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R2 PFNet;Privacyware network service;C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-9 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-9 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-9 171416]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-4 4915040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-5-8 365376]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-5-8 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-5-8 620584]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-5-8 39976]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2013-5-23 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2013-5-23 1494104]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2013-5-23 95320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-3-21 137648]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2013-5-23 1678936]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-8 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-8 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-20 25928]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-9 2151200]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2013-5-8 21568]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2013-5-8 89640]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2013-5-23 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2013-5-23 1494104]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2013-5-23 95320]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;K:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2014-3-21 25832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-5-25 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-28 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-28 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-9 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-25 03:07:24	--------	d-----w-	C:\Users\owner\Doctor Web
2014-03-25 03:02:10	6574592	----a-w-	C:\Windows\System32\mstscax.dll
2014-03-25 03:02:10	5694464	----a-w-	C:\Windows\SysWow64\mstscax.dll
2014-03-25 02:39:51	--------	d-----w-	C:\FRST
2014-03-22 19:01:53	--------	d-sh--w-	C:\$RECYCLE.BIN
2014-03-22 15:28:54	--------	d-s---w-	C:\ComboFix
2014-03-22 04:44:05	--------	d-----w-	C:\Users\owner\AppData\Local\Privatefirewall
2014-03-22 04:37:07	133152	----a-w-	C:\Windows\System32\drivers\pwipf6.sys
2014-03-22 04:37:06	--------	d-----w-	C:\ProgramData\Privacyware
2014-03-22 04:37:06	--------	d-----w-	C:\Program Files (x86)\Privacyware
2014-03-22 04:33:37	--------	d-----w-	C:\Program Files\HitmanPro
2014-03-22 03:18:52	--------	d-----w-	C:\Users\owner\AppData\Roaming\Opera Software
2014-03-22 03:18:52	--------	d-----w-	C:\Users\owner\AppData\Local\Opera Software
2014-03-21 05:39:05	--------	d-----w-	C:\Windows\System32\catroot2
2014-03-21 05:35:42	--------	d-----w-	C:\Windows\System32\wbem\repository
2014-03-21 05:35:30	--------	d-----w-	C:\Windows\SysWow64\wbem\Performance
2014-03-21 05:29:25	--------	d-----w-	C:\RegBackup
2014-03-21 04:55:16	--------	d-----w-	C:\TDSSKiller_Quarantine
2014-03-21 04:46:37	--------	d-----w-	C:\Program Files (x86)\Tweaking.com
2014-03-19 08:45:02	--------	d-----w-	C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-19 08:27:43	--------	d-----w-	C:\ProgramData\Kaspersky Lab
2014-03-19 08:11:28	309320	----a-w-	C:\Windows\SysWow64\drivers\TrufosAlt.sys
2014-03-19 07:45:39	--------	d-----w-	C:\Program Files (x86)\ESET
2014-03-19 05:09:20	875736	----a-w-	C:\Windows\System32\drivers\N360x64\1502000.026\srtsp64.sys
2014-03-19 05:09:20	593112	----a-w-	C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys
2014-03-19 05:09:20	493656	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys
2014-03-19 05:09:20	36952	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\srtspx64.sys
2014-03-19 05:09:20	264280	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys
2014-03-19 05:09:20	23568	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\symelam.sys
2014-03-19 05:09:20	162392	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys
2014-03-19 05:09:20	1148120	----a-w-	C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys
2014-03-19 05:09:16	--------	d-----w-	C:\Windows\System32\drivers\N360x64\1502000.026
2014-03-15 13:17:24	--------	d-----w-	C:\tmp
2014-03-07 22:52:44	--------	d-----w-	C:\Users\owner\AppData\Roaming\Winff
2014-03-06 05:15:20	--------	d-----w-	C:\Program Files\WinFF
2014-03-05 00:26:57	--------	d-----w-	C:\Users\owner\AppData\Roaming\TeamViewer
2014-03-05 00:23:30	--------	d-----w-	C:\Program Files (x86)\TeamViewer
2014-02-27 18:51:23	--------	d-----w-	C:\Users\owner\AppData\Local\ESL Wire Game Client
2014-02-27 18:51:21	--------	d-----w-	C:\ProgramData\ESL Wire
2014-02-27 18:51:21	--------	d-----w-	C:\Program Files\EslWire
2014-02-27 17:41:11	--------	d-----w-	C:\Users\owner\AppData\Roaming\OpenVPN Technologies
2014-02-27 17:41:11	--------	d-----w-	C:\Users\owner\AppData\Local\OpenVPN Technologies
2014-02-27 17:35:48	--------	d-----w-	C:\Users\owner\AppData\Roaming\PrivateTunnel
2014-02-27 17:35:40	--------	d-----w-	C:\Program Files (x86)\OpenVPN Technologies
.
==================== Find3M  ====================
.
2014-03-12 18:55:24	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:55:24	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-24 15:59:53	1188864	----a-w-	C:\Windows\System32\wininet.dll
2014-02-24 15:35:41	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2014-02-24 14:01:31	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2014-02-24 13:39:32	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2014-02-14 00:01:38	128320	----a-w-	C:\Windows\System32\IObitSmartDefragExtension.dll
2014-02-07 01:23:30	3156480	----a-w-	C:\Windows\System32\win32k.sys
2014-02-04 02:32:22	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12	624128	----a-w-	C:\Windows\System32\qedit.dll
2014-02-04 02:04:22	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18	484864	----a-w-	C:\Windows\System32\wer.dll
2014-01-29 02:06:47	381440	----a-w-	C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46	228864	----a-w-	C:\Windows\System32\wwansvc.dll
2014-01-16 14:43:17	96168	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 06:39:00	44	----a-w-	C:\Program Files (x86)\a8ec4c03.tmp
.
============= FINISH: 13:21:29.50 ===============



#4 jeffce

  • Malware Response Team

Posted 28 March 2014 - 07:04 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Run a new scan please with DDS and post the new DDS.txt log.
---------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------




#5 z3n_Force


Posted 28 March 2014 - 11:18 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.51.2
Run by owner at 12:11:45 on 2014-03-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32713.27868 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\EslWire\service\WireHelperSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Miner\Simple CPU Miner - 64bit\ProcessD.exe
C:\Program Files (x86)\Miner\Simple GPU Miner\ProcessG.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Users\owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\cgminer.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\RealTimeProtector.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\owner\AppData\Roaming\ICQM\icq.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\Dogecoin\dogecoin-qt.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\DelayLoad.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\owner\AppData\Local\Akamai\netsession_win.exe"
uRun: [icq] C:\Users\owner\AppData\Roaming\ICQM\icq.exe -CU
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
mRun: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTU~1.LNK - C:\Program Files (x86)\Miner\Simple CPU Miner - 64bit\ProcessD.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTU~2.LNK - C:\Program Files (x86)\Miner\Simple GPU Miner\ProcessG.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1B2669EF-4A6C-4202-A3B5-0CD09F25CCA3} : NameServer = 209.250.128.6,66.163.0.173
TCP: Interfaces\{1B2669EF-4A6C-4202-A3B5-0CD09F25CCA3} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5420C432-FD87-4B0D-ACEA-F435E5DA69B9}\2454C4C4038303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583}\1434E42424 : DHCPNameServer = 10.100.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583}\2454C4C4038303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{66FDA601-6238-4E84-9EA6-F9EE6D4BF583}\7556374705F696E6473363 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{F66E2C78-9ED6-4C76-AA45-D8F55C74A592} : DHCPNameServer = 195.60.76.114 195.60.76.115
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-Run: [AsioReg] REGSVR32 /S CTASIO.DLL
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-8 19264]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-5-28 21184]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys [2014-3-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys [2014-3-19 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-18 1525976]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys [2014-3-19 162392]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2014-1-17 62168]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IDSviA64.sys [2014-3-27 525016]
R1 pwipf6;Privacyware Filter Driver;C:\Windows\System32\drivers\pwipf6.sys [2014-3-22 133152]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys [2014-3-19 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys [2014-3-19 593112]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2014-1-9 881440]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 EslWireHelper;ESL Wire Helper Service;C:\Program Files\EslWire\service\WireHelperSvc.exe [2014-2-27 663056]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-3-22 127752]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-8 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-5-8 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-20 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe [2014-3-19 265040]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R2 PFNet;Privacyware network service;C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-9 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-9 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-9 171416]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-4 4915040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-5-8 365376]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-5-8 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-5-8 620584]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-5-8 39976]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2013-5-23 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2013-5-23 1494104]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2013-5-23 95320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-3-21 137648]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2013-5-23 1678936]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-8 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-8 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-20 25928]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-9 2151200]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2013-5-8 21568]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2013-5-8 89640]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2013-5-23 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2013-5-23 1494104]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2013-5-23 95320]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;K:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2014-3-21 25832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-5-25 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-28 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-28 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-9 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-28 03:47:53	--------	d-----w-	C:\Program Files (x86)\Miner
2014-03-28 03:33:56	--------	d-----w-	C:\Program Files (x86)\MSI Afterburner
2014-03-28 03:15:33	--------	d-----w-	C:\Users\owner\AppData\Roaming\Dogecoin
2014-03-28 03:15:25	--------	d-----w-	C:\Program Files (x86)\Dogecoin
2014-03-25 03:07:24	--------	d-----w-	C:\Users\owner\Doctor Web
2014-03-25 03:02:10	6574592	----a-w-	C:\Windows\System32\mstscax.dll
2014-03-25 03:02:10	5694464	----a-w-	C:\Windows\SysWow64\mstscax.dll
2014-03-25 02:39:51	--------	d-----w-	C:\FRST
2014-03-22 19:01:53	--------	d-sh--w-	C:\$RECYCLE.BIN
2014-03-22 15:28:54	--------	d-s---w-	C:\ComboFix
2014-03-22 04:44:05	--------	d-----w-	C:\Users\owner\AppData\Local\Privatefirewall
2014-03-22 04:37:07	133152	----a-w-	C:\Windows\System32\drivers\pwipf6.sys
2014-03-22 04:37:06	--------	d-----w-	C:\ProgramData\Privacyware
2014-03-22 04:37:06	--------	d-----w-	C:\Program Files (x86)\Privacyware
2014-03-22 04:33:37	--------	d-----w-	C:\Program Files\HitmanPro
2014-03-22 03:18:52	--------	d-----w-	C:\Users\owner\AppData\Roaming\Opera Software
2014-03-22 03:18:52	--------	d-----w-	C:\Users\owner\AppData\Local\Opera Software
2014-03-21 05:39:05	--------	d-----w-	C:\Windows\System32\catroot2
2014-03-21 05:35:42	--------	d-----w-	C:\Windows\System32\wbem\repository
2014-03-21 05:35:30	--------	d-----w-	C:\Windows\SysWow64\wbem\Performance
2014-03-21 05:29:25	--------	d-----w-	C:\RegBackup
2014-03-21 04:55:16	--------	d-----w-	C:\TDSSKiller_Quarantine
2014-03-21 04:46:37	--------	d-----w-	C:\Program Files (x86)\Tweaking.com
2014-03-19 08:45:02	--------	d-----w-	C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-19 08:27:43	--------	d-----w-	C:\ProgramData\Kaspersky Lab
2014-03-19 08:11:28	309320	----a-w-	C:\Windows\SysWow64\drivers\TrufosAlt.sys
2014-03-19 07:45:39	--------	d-----w-	C:\Program Files (x86)\ESET
2014-03-19 05:09:20	875736	----a-w-	C:\Windows\System32\drivers\N360x64\1502000.026\srtsp64.sys
2014-03-19 05:09:20	593112	----a-w-	C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys
2014-03-19 05:09:20	493656	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys
2014-03-19 05:09:20	36952	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\srtspx64.sys
2014-03-19 05:09:20	264280	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys
2014-03-19 05:09:20	23568	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\symelam.sys
2014-03-19 05:09:20	162392	----a-r-	C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys
2014-03-19 05:09:20	1148120	----a-w-	C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys
2014-03-19 05:09:16	--------	d-----w-	C:\Windows\System32\drivers\N360x64\1502000.026
2014-03-15 13:17:24	--------	d-----w-	C:\tmp
2014-03-07 22:52:44	--------	d-----w-	C:\Users\owner\AppData\Roaming\Winff
2014-03-06 05:15:20	--------	d-----w-	C:\Program Files\WinFF
2014-03-05 00:26:57	--------	d-----w-	C:\Users\owner\AppData\Roaming\TeamViewer
2014-03-05 00:23:30	--------	d-----w-	C:\Program Files (x86)\TeamViewer
2014-02-27 18:51:23	--------	d-----w-	C:\Users\owner\AppData\Local\ESL Wire Game Client
2014-02-27 18:51:21	--------	d-----w-	C:\ProgramData\ESL Wire
2014-02-27 18:51:21	--------	d-----w-	C:\Program Files\EslWire
2014-02-27 17:41:11	--------	d-----w-	C:\Users\owner\AppData\Roaming\OpenVPN Technologies
2014-02-27 17:41:11	--------	d-----w-	C:\Users\owner\AppData\Local\OpenVPN Technologies
2014-02-27 17:35:48	--------	d-----w-	C:\Users\owner\AppData\Roaming\PrivateTunnel
2014-02-27 17:35:40	--------	d-----w-	C:\Program Files (x86)\OpenVPN Technologies
.
==================== Find3M  ====================
.
2014-03-12 18:55:24	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:55:24	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-24 15:59:53	1188864	----a-w-	C:\Windows\System32\wininet.dll
2014-02-24 15:35:41	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2014-02-24 14:01:31	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2014-02-24 13:39:32	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2014-02-14 00:01:38	128320	----a-w-	C:\Windows\System32\IObitSmartDefragExtension.dll
2014-02-07 01:23:30	3156480	----a-w-	C:\Windows\System32\win32k.sys
2014-02-04 02:32:22	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12	624128	----a-w-	C:\Windows\System32\qedit.dll
2014-02-04 02:04:22	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18	484864	----a-w-	C:\Windows\System32\wer.dll
2014-01-29 02:06:47	381440	----a-w-	C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46	228864	----a-w-	C:\Windows\System32\wwansvc.dll
2014-01-16 14:43:17	96168	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 06:39:00	44	----a-w-	C:\Program Files (x86)\a8ec4c03.tmp
.
============= FINISH: 12:11:53.89 ===============

Thanks Jeff. Also, I am able to reformat my system, but I would prefer to try and work through it with you. One last thing: if you see any dogecoin/coin-mining related processes/folders, that's my own doing. I installed some last night after becoming curious about the process.

 

TDSSKiller log coming after a restart of my computer.


Edited by z3n_Force, 28 March 2014 - 11:20 AM.


#6 z3n_Force


Posted 28 March 2014 - 11:57 AM

I had to split it up since the TDSSKiller file turned out to be 1.1MB.

 

Strangely I looked back through them ... I tried to do a screen capture and paste into Paint then save as a jpg, but Paint keeps freezing when I try to do that. Quite unusual behaviour.

 

Anyway, the TDSSKiller logs all vary, from 1KB to 250KB or so, to 750KB, and then 2 logs with as much as 1MB, the newest one being one of the 1MB ones. Attached are the first two parts of the log. The third one will be in another post as it gives me the "too large to upload" error.


#7 z3n_Force


Posted 28 March 2014 - 11:58 AM

12:28:42.0437 0x1a10  C:\Windows\SysWOW64\vbajet32.dll - ok
12:28:42.0440 0x1a10  [ EFF10B20A6F094BC75385791C526546D, 64BE512F81BCA10D10FCCDCC66FEF42D8771A419881742DD7B99A644D39191AD ] C:\Windows\SysWOW64\expsrv.dll
12:28:42.0440 0x1a10  C:\Windows\SysWOW64\expsrv.dll - ok
12:28:42.0442 0x1a10  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] C:\Windows\System32\wuaueng.dll
12:28:42.0442 0x1a10  C:\Windows\System32\wuaueng.dll - ok
12:28:42.0444 0x1a10  [ 617F6EC0AC677C685479C1D0D1E76C6F, 77B22C0817558CE70EF7D3BBE04A275FFA35ED2E4AFB17DBDF353DF9932DC693 ] C:\Windows\System32\mspatcha.dll
12:28:42.0444 0x1a10  C:\Windows\System32\mspatcha.dll - ok
12:28:42.0446 0x1a10  [ 387A8A473ECC5BA02CF453277C1F3274, 3F36D3088B0F7CB0CC2C31E8F908527EC5502F0D3153D20332745B7BBF8B04D7 ] C:\Windows\SysWOW64\mspatcha.dll
12:28:42.0446 0x1a10  C:\Windows\SysWOW64\mspatcha.dll - ok
12:28:42.0448 0x1a10  [ 07AD88DF9EF73215458867EFC1BFFE9E, 8C659B6F31111C09448B68889623886658C96467E7E5C95C1714E18AD3924463 ] C:\Windows\System32\wbem\wmiprov.dll
12:28:42.0449 0x1a10  C:\Windows\System32\wbem\wmiprov.dll - ok
12:28:42.0451 0x1a10  [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A, 7F67FE1E0453CCCFA5097BFC9087BA5F4B213CCA8AC17FC05D7ED02A52112E05 ] C:\Windows\System32\wups2.dll
12:28:42.0451 0x1a10  C:\Windows\System32\wups2.dll - ok
12:28:42.0454 0x1a10  [ 5E08AC958BE05247FF1539E0D1CE7905, C6E7419EA72D1703F72292743A999F4A6CF0C6734BA1EE92C6AF18BA8B1A3A23 ] C:\Windows\SysWOW64\dinput8.dll
12:28:42.0454 0x1a10  C:\Windows\SysWOW64\dinput8.dll - ok
12:28:42.0456 0x1a10  [ 77F595DEE5FFACEA72B135B1FCE1312E, 8D540D484EA41E374FD0107D55D253F87DED4CE780D515D8FD59BBE8C98970A7 ] C:\Windows\SysWOW64\xinput1_3.dll
12:28:42.0456 0x1a10  C:\Windows\SysWOW64\xinput1_3.dll - ok
12:28:42.0458 0x1a10  [ 5893EBDCE371174AC89ECD7731DD6D77, 31CC55F4724CFD95E48954B38C0A04D674399FD243083A816893ED5E5A770086 ] C:\Windows\SysWOW64\pcwum.dll
12:28:42.0458 0x1a10  C:\Windows\SysWOW64\pcwum.dll - ok
12:28:42.0460 0x1a10  [ 1818D024AB938E05C2D97A0B1C1004BC, 37C77FBCAD25B83A198DD35AA804ADF0F04FB13F01923E99186490B638702165 ] C:\Windows\Installer\{90140000-001B-0000-0000-0000000FF1CE}\wordicon.exe
12:28:42.0460 0x1a10  C:\Windows\Installer\{90140000-001B-0000-0000-0000000FF1CE}\wordicon.exe - ok
12:28:42.0463 0x1a10  [ DE038C40F3033EDA732655FA42DCBD18, 8516D2EEA5E665FCE354A5352517EE9DA47781F507C281AE88DC1939F900BDBE ] C:\Windows\System32\filemgmt.dll
12:28:42.0463 0x1a10  C:\Windows\System32\filemgmt.dll - ok
12:28:42.0465 0x1a10  [ 7C13FEF96DFFF26FDA4F9F93D49CF2FE, 4C280B429B800EEEC3290E2B467A15F764EA1AAAC216F6B61FF701EAC13E9CC4 ] C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\uistub.exe
12:28:42.0465 0x1a10  C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\uistub.exe - ok
12:28:42.0468 0x1a10  [ FDA49D1D0C201F6C76BD2593F562BF80, AC021539FBFB30F85973797F48180BB916272A71C02B6C2E41FCAC99FDC4FD7E ] C:\Windows\System32\WindowsAnytimeUpgradeui.exe
12:28:42.0468 0x1a10  C:\Windows\System32\WindowsAnytimeUpgradeui.exe - ok
12:28:42.0470 0x1a10  [ 950C1A8C882A7E6AD875086E95711295, 33326C5AA1C389390D5FB03BD2E1160ACA8209975E7A5BBCC2A8AB7C94EF9F25 ] C:\Windows\System32\resmon.exe
12:28:42.0470 0x1a10  C:\Windows\System32\resmon.exe - ok
12:28:42.0473 0x1a10  [ 5CC39F0091D2CEBF629C36741557168E, DAD454B0BF5A94CC012A8C3EA609990E3E16715D3BD88349D74BD4BD3443754E ] C:\Windows\SysWOW64\signdrv.dll
12:28:42.0473 0x1a10  C:\Windows\SysWOW64\signdrv.dll - ok
12:28:42.0475 0x1a10  [ 24CAEDCD73B5B0E22226283B7B2468C7, DB491CC4CB4DB854C5C4EB90DA8323728C342A23CA517FC98FA4E8339531A1B6 ] C:\Windows\SysWOW64\mfc42u.dll
12:28:42.0475 0x1a10  C:\Windows\SysWOW64\mfc42u.dll - ok
12:28:42.0478 0x1a10  [ 1440C0DA81C700BD61142BC569477D81, 7FC01F25C4C18A6C539CDA38FDBF34B2FF02A15FFD1D93A7215E1F48F76FB3BE ] C:\Program Files (x86)\EVGA Precision X\RTCore64.sys
12:28:42.0478 0x1a10  C:\Program Files (x86)\EVGA Precision X\RTCore64.sys - ok
12:28:42.0481 0x1a10  [ 4D5D8058F17C873B4F0792678BAA6534, B41B263911097220D4FC1BA1897B9BA37A1FAB74441D0DE5677E02D249671CCE ] C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\win7_x64\SmartDefragBootTime.exe
12:28:42.0481 0x1a10  C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\win7_x64\SmartDefragBootTime.exe - ok
12:28:42.0484 0x1a10  [ 4D5D8058F17C873B4F0792678BAA6534, B41B263911097220D4FC1BA1897B9BA37A1FAB74441D0DE5677E02D249671CCE ] C:\Windows\System32\SmartDefragBootTime.exe
12:28:42.0484 0x1a10  C:\Windows\System32\SmartDefragBootTime.exe - ok
12:28:42.0487 0x1a10  [ 4169E57B4AB754E879CBDB824298D966, E30D01408DE0AB9B0C0EA3074F0D667E28B6B07BF30518124023AD4913188A76 ] C:\Windows\SysWOW64\nvapi.dll
12:28:42.0487 0x1a10  C:\Windows\SysWOW64\nvapi.dll - ok
12:28:42.0489 0x1a10  [ 19F75D71E4256F5113D64CE2BB66B838, DA54CD8811BC71FAFDD0D0B12B901747DA752F49507EDCC740CBBCC2AC3A340F ] C:\Windows\SysWOW64\slwga.dll
12:28:42.0489 0x1a10  C:\Windows\SysWOW64\slwga.dll - ok
12:28:42.0491 0x1a10  [ B6D6886149573278CBA6ABD44C4317F5, 273C05C8504CA050FE6C50B50D15F32064EC6672AE85CDE038976027CA4B14D3 ] C:\Windows\System32\slwga.dll
12:28:42.0491 0x1a10  C:\Windows\System32\slwga.dll - ok
12:28:42.0493 0x1a10  [ 9A5280DE46946604300D253B801F2876, B1994DA2BE84CC21D4CBFAD802A1084551599082B9C98ECCEE191A8206B93470 ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
12:28:42.0493 0x1a10  C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe - ok
12:28:42.0495 0x1a10  [ 1897BD995EFE2AA93C87B7BAD50F0791, 9F827BBE8B7B6CF1EF58710AE6870B607704CBA2966ED854B36CC9E650C993B9 ] C:\Windows\System32\spool\drivers\x64\3\mxdwdrv.dll
12:28:42.0495 0x1a10  C:\Windows\System32\spool\drivers\x64\3\mxdwdrv.dll - ok
12:28:42.0497 0x1a10  [ 5AC3CB53406CB9AABB25D46B3385528F, D5213E1C8CBD9E82922CE7F0E49611119EC6C2C1A0DC3F5912199AF5F39830C0 ] C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll
12:28:42.0497 0x1a10  C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll - ok
12:28:42.0499 0x1a10  [ 02DAB5998E18C2EA4D1BD57AB57C3B94, FACB6FF811708AB1C3ADFC3DEC1937DCB4878B4DC37F2D5319A7C9417A5E3D0D ] C:\Windows\System32\spool\drivers\x64\3\mxdwdui.dll
12:28:42.0499 0x1a10  C:\Windows\System32\spool\drivers\x64\3\mxdwdui.dll - ok
12:28:42.0501 0x1a10  [ A6189F9CBE3D0CCF546CFCF1238533A1, FA64CE9736F609C2AB4ACA907D166297163FDECAA84226F7F708C77F74420C53 ] C:\Windows\System32\spool\drivers\x64\3\UNIRES.DLL
12:28:42.0501 0x1a10  C:\Windows\System32\spool\drivers\x64\3\UNIRES.DLL - ok
12:28:42.0503 0x1a10  [ A65FE5CD64D3ED79CE699ACC566A38DF, 8A9F2529B148194AC8D0D61883585286B2736D2403D67BBA09EF44FCA9DE5813 ] C:\Windows\System32\spool\drivers\x64\3\FXSDRV.DLL
12:28:42.0503 0x1a10  C:\Windows\System32\spool\drivers\x64\3\FXSDRV.DLL - ok
12:28:42.0505 0x1a10  [ 8EA8FE2BF74844EF6574A3F0A89C54FF, 265C5D6D6051B0A6A4A214E4AB2A7ECF7E284FE49A2110013D515995B7EE7E1B ] C:\Windows\System32\spool\drivers\x64\3\FXSUI.DLL
12:28:42.0505 0x1a10  C:\Windows\System32\spool\drivers\x64\3\FXSUI.DLL - ok
12:28:42.0507 0x1a10  [ C2BEBFB3E9695154452E1BE6621BC3FE, 58098C1706EEB12E2489BA920F3B24A40E39C7DD009A53944A6637655C57864C ] C:\Windows\System32\spool\drivers\x64\3\FXSWZRD.DLL
12:28:42.0507 0x1a10  C:\Windows\System32\spool\drivers\x64\3\FXSWZRD.DLL - ok
12:28:42.0509 0x1a10  [ 43FA401CF9F3343F5B0CB800909506B5, 777F9B2A9A668F23820DAD278971E719772FC3DD5BAF7F3FB7CB9C24515F7153 ] C:\Windows\System32\spool\drivers\x64\3\FXSTIFF.DLL
12:28:42.0509 0x1a10  C:\Windows\System32\spool\drivers\x64\3\FXSTIFF.DLL - ok
12:28:42.0511 0x1a10  [ DC806FE054D4F0FAA0AD6455388FFAD2, 09C5CDC7B03B88C5C78077A25E0584E04B5546CA95F92D1F1ADA54D586F8D8C9 ] C:\Windows\System32\spool\drivers\x64\3\FXSRES.DLL
12:28:42.0511 0x1a10  C:\Windows\System32\spool\drivers\x64\3\FXSRES.DLL - ok
12:28:42.0513 0x1a10  [ 650CAEA856943E29F25A25D31E004B18, DCA63D2AF4C6F14B27EA006F200E58A5C13AC940A51947A40F668908A446CC4E ] C:\Windows\System32\spool\drivers\x64\3\FXSAPI.DLL
12:28:42.0513 0x1a10  C:\Windows\System32\spool\drivers\x64\3\FXSAPI.DLL - ok
12:28:42.0515 0x1a10  [ 6FB37E7419BC450488C7C1CBFE29F3F1, AD7B31F635D214D6658FFF78492926E49D2F0DF2C8252B83464B064343F6C427 ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\AutoSweep.exe
12:28:42.0515 0x1a10  C:\Program Files (x86)\IObit\Advanced SystemCare 6\AutoSweep.exe - ok
12:28:42.0517 0x1a10  [ 288ADDED26C80FDC135CAB4340161686, FEA5CBCD061E6F347670E9ED7261F1FF3433480158A2FF0AEBC8DF53930B7000 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll
12:28:42.0517 0x1a10  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll - ok
12:28:42.0519 0x1a10  [ A16195753E7C603FB732C53FE08C64BF, DBE7CDC1C642BAF2586C44AFF3CF42511AAEA7A31A3A90EA003A986F03B06EE7 ] C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
12:28:42.0519 0x1a10  C:\Windows\SysWOW64\wbem\WmiPerfInst.dll - ok
12:28:42.0521 0x1a10  [ 6369F960C28A16F4502C480EEDE3652C, 43712222F1DEF7277EC6A99BEA6FB9C7E0E1FCAB2AD35C0208747D70301D0E47 ] C:\Windows\System32\dpx.dll
12:28:42.0521 0x1a10  C:\Windows\System32\dpx.dll - ok
12:28:42.0522 0x1a10  [ 0C0DF0F05BAEA320FA301F34E256E08B, 9D6C3CC1138AABEC66EABD13905C24170F7F1FE6D7AA5DD6BF51F1D3BF66F03D ] C:\Windows\SysWOW64\dpx.dll
12:28:42.0522 0x1a10  C:\Windows\SysWOW64\dpx.dll - ok
12:28:42.0524 0x1a10  [ 7957A194B8421BC070FABBF1C55DB68B, 782389F39C4CD9E13D5F9847AC33DF82BBFAEF6CF8E6150698D462F1DC270559 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll
12:28:42.0524 0x1a10  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll - ok
12:28:42.0526 0x1a10  [ 1C10E59024357AA7CAB8B836B767FB5B, 71F7385900DE7769949CF4B3AFA993F32DBEDDC7A83B9DD50DA240CDFF7A2586 ] C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll
12:28:42.0526 0x1a10  C:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll - ok
12:28:42.0528 0x1a10  [ 9776DC73C92C0919B29BB6AEF5A20FDF, C381246DCBA9C3A3FADC67210F2AE4A35EF96C2658A0D20F2637E23123259368 ] C:\Program Files\Microsoft Mouse and Keyboard Center\Components\Commands\DPGHnt\DPGHnt.dll
12:28:42.0528 0x1a10  C:\Program Files\Microsoft Mouse and Keyboard Center\Components\Commands\DPGHnt\DPGHnt.dll - ok
12:28:42.0530 0x1a10  [ 9297F004FCE79FB7B26DAC6968FB5FEB, 797B4501823123FB6530F613CE996E77C3D323CD7B2365836504BD622F4CEFC2 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\DrUpdate.dll
12:28:42.0530 0x1a10  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\DrUpdate.dll - ok
12:28:42.0532 0x1a10  [ FC6C5D860CDB82411DA626821201BDF0, E062B9AFBEE5BEC64C7DC9C6C57CD31EE3148388055C4B66D208BF604C703560 ] C:\Windows\System32\srclient.dll
12:28:42.0532 0x1a10  C:\Windows\System32\srclient.dll - ok
12:28:42.0534 0x1a10  [ B7AC66C1CCD87D7C49256B5451DED4FA, 2BA412A69605D75CF10B9446725917B850A29369BD3970CA14796CC24C9BFD72 ] C:\Windows\System32\spp.dll
12:28:42.0534 0x1a10  C:\Windows\System32\spp.dll - ok
12:28:42.0536 0x1a10  [ 943F48CC3A59169E52A054946C2F59B8, 0F98177902498B251F573613EFEAC1052B9BE23115A58EF2740363BC5DE99F61 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll
12:28:42.0536 0x1a10  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll - ok
12:28:42.0538 0x1a10  [ 6685DD5CC357D45EEE30FD089E8A111A, FA261701D1E81029ADBE431AD740BBB00185ADD9A2E226374B9C0A0992A157D5 ] C:\Windows\System32\sxsstore.dll
12:28:42.0538 0x1a10  C:\Windows\System32\sxsstore.dll - ok
12:28:42.0540 0x1a10  [ BBED6A14692C48279F88B3127206A1BA, 594022BC22C0305B69374A3A83CE2C358019581B8A1D7A1557928E9F98F18EDD ] C:\Windows\SysWOW64\sxsstore.dll
12:28:42.0540 0x1a10  C:\Windows\SysWOW64\sxsstore.dll - ok
12:28:42.0542 0x1a10  [ B837D1528CE2E3CB79F09496BC08DDC6, ACD54CE61CFE94F23DC283537AD8FFBEB3D6041BD30317B60BA7A10FCB240A27 ] C:\Windows\System32\SensApi.dll
12:28:42.0542 0x1a10  C:\Windows\System32\SensApi.dll - ok
12:28:42.0544 0x1a10  [ D485D1BE97777617B186FC8095F58421, 6F4947E651D1D8FA4DA006AE874E91D5D87813BA84EE71C91FF6F92833B921FF ] C:\Windows\servicing\CbsApi.dll
12:28:42.0544 0x1a10  C:\Windows\servicing\CbsApi.dll - ok
12:28:42.0546 0x1a10  [ 971A10161CF1C772C24FDE11A015C18E, 77F5B793CF22955D6B892C0B218E94ABE27C99DBB04F9C61AAE9B26516A46EAF ] C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-jpeg.exe
12:28:42.0546 0x1a10  C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-jpeg.exe - ok
12:28:42.0548 0x1a10  [ CAE395A9A4D2AF69AF6FF83CFB082C9F, 14D698FD61A1DD1700393B24C734606643238C45F46EDD69925AA42B44E2D34F ] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
12:28:42.0548 0x1a10  C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll - ok
12:28:42.0550 0x1a10  [ 43547AF47E8FC215366ACE7133918FD8, 04F2711FA9661AF3AD2546EF32E07D53D960981E3D5C98A7F7707824668E3FC1 ] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
12:28:42.0550 0x1a10  C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll - ok
12:28:42.0552 0x1a10  [ 6028D50F93CF7C285AB831DB2EE9A177, 6C1866707394BDB870AA0F66DC381A379D51689026603EBB4CB94AED907A4D8F ] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
12:28:42.0552 0x1a10  C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll - ok
12:28:42.0554 0x1a10  [ 46A4678C2ACCBAE032C14B4A99C64D19, 57ED70AA1062A77E3494F01C081D1564158B27A3E59A6977B54B1FA4E10D16C8 ] C:\Program Files\GIMP 2\bin\gimp-2.8.exe
12:28:42.0554 0x1a10  C:\Program Files\GIMP 2\bin\gimp-2.8.exe - ok
12:28:42.0555 0x1a10  [ 4FE6AA4422BEC5DC3995051C670FFB26, 17B12B2C3D7F3DEB25069268896FA55CB704209A4A9321C3A787222341BB3A07 ] C:\Windows\SysWOW64\advpack.dll
12:28:42.0555 0x1a10  C:\Windows\SysWOW64\advpack.dll - ok
12:28:42.0557 0x1a10  [ 5FBD7BEC6CD3DCAA6A87A7F70CE8AF44, 24031667D5F437AAD5BA9BA6B14B0A939723F054096BBE19AB1EAE4F489528E0 ] C:\Windows\System32\advpack.dll
12:28:42.0557 0x1a10  C:\Windows\System32\advpack.dll - ok
12:28:42.0559 0x1a10  [ 9B966CB5B048A7B83A189CAB11E4FA0B, 2E2E0E6D6F699D603D936BF1298A9EAC2B9D051199BAE0BC71FDDFA36CEB986E ] C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
12:28:42.0559 0x1a10  C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll - ok
12:28:42.0561 0x1a10  [ 38A3BACDF3FCF174187DD0DCA2158837, 69C1903AF86BBA022C23D2F4E1808A7ADA3505DBACB7D8830AFF1CF7EF56DD27 ] C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\lcms.exe
12:28:42.0561 0x1a10  C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\lcms.exe - ok
12:28:42.0563 0x1a10  [ 0F17CDBF23FFF73B23DA143C6522F4B7, D686B2183D4F21B531422E87BA68960D82380908A71CAFAE29D449E3BD71DD68 ] C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
12:28:42.0563 0x1a10  C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe - ok
12:28:42.0565 0x1a10  [ E601860AA04CE2198DBC6AC2AF80AFF7, B9D2BAEF2F6F8EA687414E73DFC5207F11A406D53C3444FCDAFD9CE1B4940053 ] C:\Windows\System32\perfos.dll
12:28:42.0565 0x1a10  C:\Windows\System32\perfos.dll - ok
12:28:42.0567 0x1a10  [ B68816EE0270BFE882B4CC7B97589014, 0A6B6BA75ED44B1644081FDBD67358C7A1DF79F65054B6AEA0225C8F907B4A52 ] C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\sharpen.exe
12:28:42.0567 0x1a10  C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\sharpen.exe - ok
12:28:42.0569 0x1a10  [ DB01F00A036111102E5DBA62B72BBA73, 012D06604559630ECB14BCF46F1204BEFBAE106A207DFE5A4996F1EF509D566F ] C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\unsharp-mask.exe
12:28:42.0569 0x1a10  C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\unsharp-mask.exe - ok
12:28:42.0571 0x1a10  [ 23A945A8878174CFB5DC43FF621E29E1, D82EE1096B6526120E18280236E04612B1CDB6A7056BE8F8CDA95E5C1BE3D9C0 ] C:\Program Files\WinFF\winff.exe
12:28:42.0571 0x1a10  C:\Program Files\WinFF\winff.exe - ok
12:28:42.0572 0x1a10  [ 715BFF236158F61C042928A53C0D5AA8, D05369E606122090468137DFBCE4D6054BF35BCF1684E96074C22BD890551A8B ] C:\Program Files\Windows NT\Accessories\wordpad.exe
12:28:42.0572 0x1a10  C:\Program Files\Windows NT\Accessories\wordpad.exe - ok
12:28:42.0574 0x1a10  [ 94BDCAFBD584C979B385ADEE14B08AB4, CB1822A981E9821D571AF16B7E37BEBA5FEB8E3DEDCDD0461119AF9AAC0358B3 ] C:\Windows\SysWOW64\taskkill.exe
12:28:42.0574 0x1a10  C:\Windows\SysWOW64\taskkill.exe - ok
12:28:42.0575 0x1a10  [ 65E969CD88F8DBABEC1715421065B9DB, 296AFB5CBC9523A010C8561B756DFD1A87EE4FF1EB355023BBDC4A0F175FEA8B ] C:\Windows\SysWOW64\OpenCL.dll
12:28:42.0575 0x1a10  C:\Windows\SysWOW64\OpenCL.dll - ok
12:28:42.0577 0x1a10  [ 48131A7C1CD5BCE34DA3EDA489A81158, A899458036E4CBF1B13F755FB1C65B6A63E537EE72AEFA569A9DEA590E8D3FF6 ] C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\libcurl-4.dll
12:28:42.0577 0x1a10  C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\libcurl-4.dll - ok
12:28:42.0579 0x1a10  [ 9462CB83718CCAB3C744F0F5561A289D, F08009F941680657077FFF1C8D58FAC8AFFA2216B3A478312AC48948C228C73A ] C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\libeay32.dll
12:28:42.0579 0x1a10  C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\libeay32.dll - ok
12:28:42.0581 0x1a10  [ 7F8678C59F188528D60104E697C2361E, 9B4D262B10CB09543ACA9A78482F4EDD905791D2C8C518B574EBA440A71A85B7 ] C:\Windows\SysWOW64\mscms.dll
12:28:42.0581 0x1a10  C:\Windows\SysWOW64\mscms.dll - ok
12:28:42.0583 0x1a10  [ 5935940918FA77C777FCD0475149A217, ED0B0F0D40C902703E212279F99C6DCF403EB75EBA4ABB058CB39129D09A6467 ] C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\ssleay32.dll
12:28:42.0583 0x1a10  C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\ssleay32.dll - ok
12:28:42.0584 0x1a10  [ 816B681CC308FAA128EDCB90643DCED7, C2C6295F59F00F4D47673C361F1965BA62F9ADF6897A6A0BE224509628A27D7E ] C:\Windows\SysWOW64\icm32.dll
12:28:42.0584 0x1a10  C:\Windows\SysWOW64\icm32.dll - ok
12:28:42.0586 0x1a10  [ 15D6AF5C659FE2D9524DD9A90A674D02, AAD5344650F7AB0A0A396F518F7EF827B8773748220D9E48D28FE4BC7888EB0C ] C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\zlib1.dll
12:28:42.0586 0x1a10  C:\Program Files (x86)\Miner\Simple GPU Miner\Cgminer\zlib1.dll - ok
12:28:42.0588 0x1a10  [ 1D296F090ED401967B30BD2B970DC306, 9D83B54050E7BD6D807E437CFD22FF803D450194ABA4FD0EDEBF27BEC90521AC ] C:\Windows\System32\icm32.dll
12:28:42.0588 0x1a10  C:\Windows\System32\icm32.dll - ok
12:28:42.0590 0x1a10  [ 843D21A20736016E5613E4B51EA60D46, 1247E51E8AF71B7B87DCF1D8E79C01C753C6A661AC6A734BE831DAA0E45D2F8C ] C:\Windows\SysWOW64\winusb.dll
12:28:42.0590 0x1a10  C:\Windows\SysWOW64\winusb.dll - ok
12:28:42.0593 0x1a10  [ 75077CA8080A1AE0BE3C0CF6102C5BB6, DE76BF32A9B9204851DFD64344A3732D249739DA12C7CCDB78999EB0F8E1037C ] C:\Windows\SysWOW64\nvopencl.dll
12:28:42.0593 0x1a10  C:\Windows\SysWOW64\nvopencl.dll - ok
12:28:42.0595 0x1a10  [ FCE2251FE4464DCAA2F4684F19A8EE9B, 8062CD636DEFA8E160427BC2C61BC5C0DAA5396E16ABE9353B27C217FDE70B04 ] C:\Windows\System32\drivers\hitmanpro37.sys
12:28:42.0595 0x1a10  C:\Windows\System32\drivers\hitmanpro37.sys - ok
12:28:42.0597 0x1a10  [ 218A400108F280428FA22282D3268BBC, 7712687ABAEF6616E90AE5A321044C102E79EC23F4A1EAFB4278C93724873CB3 ] C:\Windows\System32\wscapi.dll
12:28:42.0597 0x1a10  C:\Windows\System32\wscapi.dll - ok
12:28:42.0600 0x1a10  [ 6C25BFB73DE686D3EB0DA9035D62E9A8, 70473FC05527BBB1F05000E0D4D1BDB8F6C2B97E49985A8A5090BBB0D98F6206 ] C:\Windows\System32\wbem\ntevt.dll
12:28:42.0600 0x1a10  C:\Windows\System32\wbem\ntevt.dll - ok
12:28:42.0602 0x1a10  [ 23D76DEC4772EFE07DC6E0848FFFC959, 37190F53A3478078ADAECA2DA234F0D3EA464B634A542A865EE2590A76FCA315 ] C:\Windows\SysWOW64\provthrd.dll
12:28:42.0602 0x1a10  C:\Windows\SysWOW64\provthrd.dll - ok
12:28:42.0604 0x1a10  [ 5AAF10198FFBD79E7F022625FEDB79B7, BF8DB296AE67939A0860752A2B216EB9072CE67A4088CC084CAA11BA1F74FDEA ] C:\Windows\System32\provthrd.dll
12:28:42.0604 0x1a10  C:\Windows\System32\provthrd.dll - ok
12:28:42.0606 0x1a10  [ 126B75D50756FE204283D418AE1A66DF, 3D12ADDCFD4D7233C787101C848FD1D7A62B6B6386FB2043B3D8F45502950312 ] C:\Windows\SysWOW64\msvcirt.dll
12:28:42.0606 0x1a10  C:\Windows\SysWOW64\msvcirt.dll - ok
12:28:42.0608 0x1a10  [ 2986F2B8E85AF015B9B85756EADDCEAD, FD2C6B508B9F244A00BDE14E56023A4B31DBF31C5CBA5BC66904787541A5A7D1 ] C:\Windows\System32\msvcirt.dll
12:28:42.0608 0x1a10  C:\Windows\System32\msvcirt.dll - ok
12:28:42.0610 0x1a10  [ 07797FC4309ED61D4884467A14A54278, 5910D1FDDD500970315B9D12AC0C987A43801DE63826AB52D1EE76B40717F4C0 ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\OFCommon.dll
12:28:42.0610 0x1a10  C:\Program Files (x86)\IObit\Advanced SystemCare 6\OFCommon.dll - ok
12:28:42.0612 0x1a10  [ 244C6722289F4869068992FD7D8A8832, 8644D0A55C46C3F081F0AB43D253D13E56E77D89336A87108DB8C47D6EDC3A64 ] C:\Windows\SysWOW64\wbem\wbemdisp.dll
12:28:42.0612 0x1a10  C:\Windows\SysWOW64\wbem\wbemdisp.dll - ok
12:28:42.0614 0x1a10  [ 28D30AECE802933FC4BE33CDFA0EAFEC, 72B78CAE741F4AB1012D750465C122E84B0824A976E9BB5AC7CB12849F0BDBCE ] C:\Users\owner\AppData\Roaming\ICQM\ICQ\dll\MRAInplaceViewer.dll
12:28:42.0614 0x1a10  C:\Users\owner\AppData\Roaming\ICQM\ICQ\dll\MRAInplaceViewer.dll - ok
12:28:42.0616 0x1a10  [ 14669811899AAC956A21DB970B3F7EBB, 21814AAEE5504A533B0B12CBD82AB7D2E82E2DF5D9DE915A523EBA14DB569E1E ] C:\Windows\SysWOW64\Macromed\Flash\Flash32_12_0_0_77.ocx
12:28:42.0616 0x1a10  C:\Windows\SysWOW64\Macromed\Flash\Flash32_12_0_0_77.ocx - ok
12:28:42.0618 0x1a10  [ 088CF5B6380FB9002F2A4246F812225D, 3E7205FEBC5B2432EE3655CD71D630A5D5EA609995F43053B1B5EB8917C46453 ] C:\Windows\SysWOW64\asycfilt.dll
12:28:42.0618 0x1a10  C:\Windows\SysWOW64\asycfilt.dll - ok
12:28:42.0619 0x1a10  [ 5FD5341147941E4F648A21C68FA83115, 4E43757B1EC563681595942BBA39749F880428A5CFE6208864887F19C4E9D94A ] C:\Users\owner\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
12:28:42.0619 0x1a10  C:\Users\owner\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll - ok
12:28:42.0621 0x1a10  [ 8B592DF6D9A581A3C66F65212887C706, A094CE461CC43102814DBB133A0D62A0717FBCABEB5CAB9B21568B7966D59C58 ] C:\Users\owner\AppData\Roaming\ICQM\ICQ\dll\MousePhone.dll
12:28:42.0621 0x1a10  C:\Users\owner\AppData\Roaming\ICQM\ICQ\dll\MousePhone.dll - ok
12:28:42.0623 0x1a10  [ AA5F3F417DF0F470D67A7862451EA8E1, 43D131BFD6884E2D8D0317AABAF0564E36937347AB43FECCFC2B1C9D38C8527B ] C:\Windows\SysWOW64\mciqtz32.dll
12:28:42.0623 0x1a10  C:\Windows\SysWOW64\mciqtz32.dll - ok
12:28:42.0625 0x1a10  [ D9B54074496CDF6550512876949CA386, 087D6CBB6C270F37D0AF9440B21F2657C10AD4B2DC77B71637C3E7F6DBEE52BF ] C:\Windows\SysWOW64\DCBassSourceMod.ax
12:28:42.0625 0x1a10  C:\Windows\SysWOW64\DCBassSourceMod.ax - ok
12:28:42.0628 0x1a10  [ 301A5609907605013D7ED94B5B49AAB9, 4B77AE91E8972A22655932937120FA01646116EA83F4AB35784325659F5CD9FB ] C:\Windows\SysWOW64\OptimFROG.dll
12:28:42.0628 0x1a10  C:\Windows\SysWOW64\OptimFROG.dll - ok
12:28:42.0630 0x1a10  [ BDB65DCE335AC29ECCBC2CA7A7AD36B7, 7EC9EE07BFD67150D1BC26158000436B63CA8DBB2623095C049E06091FA374C3 ] C:\Windows\SysWOW64\tak_deco_lib.dll
12:28:42.0630 0x1a10  C:\Windows\SysWOW64\tak_deco_lib.dll - ok
12:28:42.0632 0x1a10  [ 8005750EC63EB5292884AD6183AE2E77, DF9F56C4DA160101567B0526845228EE481EE7D2F98391696FA27FE41F8ACF15 ] C:\Windows\SysWOW64\bass.dll
12:28:42.0632 0x1a10  C:\Windows\SysWOW64\bass.dll - ok
12:28:42.0635 0x1a10  [ A6F5E219342A9F26AB27F81AEA8AAC77, 578D22D5FDB301B9B0794535910C44BE8AD327928BC500C09C9017CC2500D14A ] C:\Windows\SysWOW64\bass_aac.dll
12:28:42.0635 0x1a10  C:\Windows\SysWOW64\bass_aac.dll - ok
12:28:42.0637 0x1a10  [ E5E6EFA3505B93FC0962E9D4EAD609E3, C64EC291D83CB0BB310060C715B15341B88B6D59680341BF8C4A833255654EAA ] C:\Windows\SysWOW64\bass_alac.dll
12:28:42.0637 0x1a10  C:\Windows\SysWOW64\bass_alac.dll - ok
12:28:42.0639 0x1a10  [ 13BEB78A9FCE8106C43C21FB705F9D5D, 22F3A677F891955560760FBF78E59930269057A3DA3F35D7693B39A37D192F95 ] C:\Windows\SysWOW64\bass_ape.dll
12:28:42.0639 0x1a10  C:\Windows\SysWOW64\bass_ape.dll - ok
12:28:42.0640 0x1a10  [ C0C3FA022F605FD04C867CD7B2F5F2A5, 0B80E510B7B6EEE8549AF9F2A7F9316B9E01D63EF95D4F402AC3B21E96BB0D19 ] C:\Windows\SysWOW64\bass_cd.dll
12:28:42.0640 0x1a10  C:\Windows\SysWOW64\bass_cd.dll - ok
12:28:42.0642 0x1a10  [ 50AF8A7D49E83A723ED0F70FB682DCFB, 481B418BFB291276B565EDD4A6E06948038C10CD8C592C2D81FD82348EF39E6A ] C:\Windows\SysWOW64\bass_flac.dll
12:28:42.0642 0x1a10  C:\Windows\SysWOW64\bass_flac.dll - ok
12:28:42.0644 0x1a10  [ 76F123C199319616760B9C0470C7997B, 7D50C934B96463CD1D2B36522C58D4B0A22F21887A6E2E12C0209BA2A2412D9E ] C:\Windows\SysWOW64\bass_mpc.dll
12:28:42.0644 0x1a10  C:\Windows\SysWOW64\bass_mpc.dll - ok
12:28:42.0645 0x1a10  [ B3CC560AC7A5D1D266CB54E9A5A4767E, EDDE733A8D2CA65C8B4865525290E55B703530C954F001E68D1B76B2A54EDCB5 ] C:\Windows\SysWOW64\bass_ofr.dll
12:28:42.0645 0x1a10  C:\Windows\SysWOW64\bass_ofr.dll - ok
12:28:42.0647 0x1a10  [ 39275510E10E8B748583313B2155426E, CC69F4791C2D831343732CCA40878B58CC02855D384547AAD3CCEB954E79AC4F ] C:\Windows\SysWOW64\bass_opus.dll
12:28:42.0647 0x1a10  C:\Windows\SysWOW64\bass_opus.dll - ok
12:28:42.0649 0x1a10  [ EAFC368E75339308AA018663B305E138, D0A35F75255EE3030A68EF65FD8D584D4143B37CD2F2F07EB82090B8759D71D2 ] C:\Windows\SysWOW64\bass_tak.dll
12:28:42.0649 0x1a10  C:\Windows\SysWOW64\bass_tak.dll - ok
12:28:42.0651 0x1a10  [ 4AD2D66E10AAA0FFE4C7A4F46EADBB56, 0A69D4B7571BA9FCC28A2DA8159E5765756418EDDD0648A935F2F31DAE6F89B4 ] C:\Windows\SysWOW64\bass_tta.dll
12:28:42.0651 0x1a10  C:\Windows\SysWOW64\bass_tta.dll - ok
12:28:42.0653 0x1a10  [ 1891D1F435ADCEBFC6D05F3F02BFC35C, 3FE904AC94D1F054FFE4E3B2CA14ECA44266D14FEE9AF1A86F36E72533295218 ] C:\Windows\SysWOW64\bass_wv.dll
12:28:42.0653 0x1a10  C:\Windows\SysWOW64\bass_wv.dll - ok
12:28:42.0654 0x1a10  [ 5BB8C06EB5EA4BA22EE8A678F2D79B25, 019E9274DE2F5BAB16B4632B8A2E93DFC8DF0C08EC4EEA947B337FD29EB2E0CC ] C:\Windows\SysWOW64\devenum.dll
12:28:42.0654 0x1a10  C:\Windows\SysWOW64\devenum.dll - ok
12:28:42.0657 0x1a10  [ 7069AAB8536F29ED7323140973A2894B, 04B7FB6C64BFA3B80549F35CEF36D5DAE5D19A40E42444B3665B6BEFDF98EB5F ] C:\Windows\SysWOW64\msdmo.dll
12:28:42.0657 0x1a10  C:\Windows\SysWOW64\msdmo.dll - ok
12:28:42.0659 0x1a10  [ C9FB8C3D650EF8BD76865EC20A19A5BC, 704FE71DDF8C67D7E954743590761A550E04AF82798517600D1A2D5858DC6A8D ] C:\Windows\SysWOW64\DShowRdpFilter.dll
12:28:42.0659 0x1a10  C:\Windows\SysWOW64\DShowRdpFilter.dll - ok
12:28:42.0662 0x1a10  [ B91BDD5E4B42461DD01A673A082FC4C5, 2236059F12B0E30D1EC10A7FACB4F48F6D210B67392D373499EB225495DFC873 ] C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
12:28:42.0662 0x1a10  C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax - ok
12:28:42.0664 0x1a10  [ D2BBC72E0CDF8639C8274EDB395C9103, E999FFC31AC55974D64CBC02871681F623975AF5FF9F98ED7FB355DEF3CE082F ] C:\Windows\SysWOW64\dinput.dll
12:28:42.0664 0x1a10  C:\Windows\SysWOW64\dinput.dll - ok
12:28:42.0666 0x1a10  [ 841E8D8623B1683EB8249B676CA0AD26, 73B931B7E229AB515BC3B2AE6C6E32B07BE744BCA85B362A3C9AF5B1B559936D ] C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ac3filter.ax
12:28:42.0666 0x1a10  C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ac3filter.ax - ok
12:28:42.0669 0x1a10  [ 64BA2E5B9678BC574EF17AF88BE5DF9C, 4900DF9612B2D2DF1F4A4888E112ED28A75B2914220483A4FE43BDF6AA88F093 ] C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\AviSynthPlugins\vsfilter.dll
12:28:42.0669 0x1a10  C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\AviSynthPlugins\vsfilter.dll - ok
12:28:42.0670 0x1a10  [ 33B98C6A8D70E6F97CEF11FD778E25C2, 539F9479190450FF9BF78C0210D76EB1A4C3C566A5593D11684BE89915C27E51 ] C:\Windows\SysWOW64\CTOPT352.dll
12:28:42.0670 0x1a10  C:\Windows\SysWOW64\CTOPT352.dll - ok
12:28:42.0672 0x1a10  [ 716A1BC93BA66C3EEC98634B14C47CE9, 69BF1AADED523BE9AA6053DD25C3057967DFEB094AE6080C5E0B5CC3A121B6BD ] C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
12:28:42.0956 0x1a10  [ 4E082A237594311E80B26C98EA6843DE, 66B7878AFB1569C8EDE6282A1DC1A91DBE6B80DB3C5B193D69B325BA6F5DE6EA ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ipsplug.dll
12:28:42.0956 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ipsplug.dll - ok
12:28:42.0958 0x1a10  [ FB502D2CDF52437AE802B16A5B5E4F9C, 7A2D3E1E7A9C49FC8108FF58DD027CF13C4CD41000749D3941EA03CCAD0C96F3 ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHEngine.dll
12:28:42.0958 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHEngine.dll - ok
12:28:42.0961 0x1a10  [ D6309A654B4CE5B263B13BAF30D770C7, 8E25B9F9196BB8503B19C62A46A1E82FCE162DF9D96E2D10865160F6FA265CF7 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\isdatasv.dll
12:28:42.0961 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\isdatasv.dll - ok
12:28:42.0963 0x1a10  [ A9DC6A88B245E36F1AE886FA063349AC, 3E1C817CBDFC205C8723C7C193311F8983CCD189697E27964C5390A56E140FEE ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwcore.dll
12:28:42.0963 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwcore.dll - ok
12:28:42.0966 0x1a10  [ EDECD58281D7F916772CBB33709AE844, 69BF9360677776155133DDBEDD6303A11493509F9278B678E09DD6C531BF0001 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwgenplg.dll
12:28:42.0966 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwgenplg.dll - ok
12:28:42.0968 0x1a10  [ E5FF25FEDE1B423343B74FEBB281B919, 554D22DC8FEE2695323364466C0163C0E758F58539191528F97E770C8D8A1DB0 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\idsaux.dll
12:28:42.0968 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\idsaux.dll - ok
12:28:42.0971 0x1a10  [ A8A51B77CC8371DF54C79EDB3B27C841, 95408F974653AD8998D5CF548500529C7BBF9D6B387319485E8A4405D20E6FFA ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ashelper.dll
12:28:42.0971 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ashelper.dll - ok
12:28:42.0973 0x1a10  [ 60C40211B9F80C19865911FAAFB64835, 4B565A66B86C8C9DB868CA31382A2C9812A5E707429F55BF84081CC2DCF06A39 ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF25.dll
12:28:42.0973 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF25.dll - ok
12:28:42.0976 0x1a10  [ 60C40211B9F80C19865911FAAFB64835, 4B565A66B86C8C9DB868CA31382A2C9812A5E707429F55BF84081CC2DCF06A39 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF25.dll
12:28:42.0976 0x1a10  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF25.dll - ok
12:28:42.0978 0x1a10  [ D6D3F9F1E2BA1E863CE7BFC0E218D51E, 530E512637F82742A0CF9C02C19120DF1E2001B67B016FF4DE1204330C5D7835 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwsetup.dll
12:28:42.0978 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwsetup.dll - ok
12:28:42.0981 0x1a10  [ 660910924D6669DC4CCC637E6732B161, C4EF9E4FEFBAF4CF6B7CBBD8A7B5DA84F5F3B9C61607F2D28BB3015D25A5B96B ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\asoehook.dll
12:28:42.0981 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\asoehook.dll - ok
12:28:42.0983 0x1a10  [ 1E1EA38A5051E9570832D1200D409ED2, B8754F9ACB499CB355BBDC1A577B51BF2E9372B6C3491B5A74471BCEFC628327 ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF23.dll
12:28:42.0983 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF23.dll - ok
12:28:42.0984 0x1a10  [ 81204A0DD07F3BAA42C4D57C2B3DDDE1, 93919CF1F1A03836C568ED8866F576EF6C6AD75FD89752C01784C2623B0418D0 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwhelper.dll
12:28:42.0984 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwhelper.dll - ok
12:28:42.0986 0x1a10  [ FC3E933636244D9AE6E9BD575BB450B4, 180E1461AF8E26DD646BFF88F7793D34479B1EBAE9CA82A8918B4FDA2586DAC0 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\avpapp32.dll
12:28:42.0986 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\avpapp32.dll - ok
12:28:42.0988 0x1a10  [ 1E1EA38A5051E9570832D1200D409ED2, B8754F9ACB499CB355BBDC1A577B51BF2E9372B6C3491B5A74471BCEFC628327 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF23.dll
12:28:42.0988 0x1a10  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF23.dll - ok
12:28:42.0990 0x1a10  [ B7D930C68AB95263AE70AFC73034F379, C5577FECEF7E6B6914FE4B64527937187CCDA8C1E0F4F76A691958E0EF23A028 ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF22.dll
12:28:42.0990 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF22.dll - ok
12:28:42.0992 0x1a10  [ ECF915B2A9317F89C9353E5DF464EF77, A18CCA75F11BD4CE97B6F96FCBC94A81A9B9BAEF8932807C122B2600E071CAD2 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\buuiplg.dll
12:28:42.0992 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\buuiplg.dll - ok
12:28:42.0994 0x1a10  [ B7D930C68AB95263AE70AFC73034F379, C5577FECEF7E6B6914FE4B64527937187CCDA8C1E0F4F76A691958E0EF23A028 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF22.dll
12:28:42.0994 0x1a10  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF22.dll - ok
12:28:42.0996 0x1a10  [ 8349333DA1727399697951667BEEE00C, 6778E9B2013457B95F40B8C03EE191190F5EF26F95F7FE5DD6B1734E8498D722 ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF16.dll
12:28:42.0996 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF16.dll - ok
12:28:42.0998 0x1a10  [ 8349333DA1727399697951667BEEE00C, 6778E9B2013457B95F40B8C03EE191190F5EF26F95F7FE5DD6B1734E8498D722 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF16.dll
12:28:42.0998 0x1a10  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF16.dll - ok
12:28:43.0000 0x1a10  [ 902480AC7F32F90B3DA2520A19171686, 4058A05856B1F8B41B19A0948C6179F0C468520F0669E94726913A9546A432DB ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF3.dll
12:28:43.0000 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140327.001\IPSFF3.dll - ok
12:28:43.0001 0x1a10  [ 902480AC7F32F90B3DA2520A19171686, 4058A05856B1F8B41B19A0948C6179F0C468520F0669E94726913A9546A432DB ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF3.dll
12:28:43.0002 0x1a10  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF\components\IPSFF3.dll - ok
12:28:43.0003 0x1a10  [ 65B5C4798216FEE58BE79EC137B57855, A63B0D5DC93587D0D1D060C4E33C29A351D0E8323CF55BBC3FF6BC2D6E73FD49 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ispwd.dll
12:28:43.0003 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ispwd.dll - ok
12:28:43.0005 0x1a10  [ 184FA76F310B3494569B6CD6B8659E99, C1F24411D3B58EBB80C52562D5C5248BCA6BFBF46C5FFF5858C09DEA8E413810 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\cltaldis.dll
12:28:43.0005 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\cltaldis.dll - ok
12:28:43.0007 0x1a10  [ 144B273299D9126E004480A4A404D956, 87E4F2E6BE792352D3943D757E544024DF2D1A2549CB2AD44DCE20ADCFE77062 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwsesal.dll
12:28:43.0007 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\fwsesal.dll - ok
12:28:43.0009 0x1a10  [ 6D821E77703536343C3B9B2D785D10BC, 26E7273C5C71D92C23BD80108438DD3FD5ED151F0FF2FDDB9DFA1935E5CA2576 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\nuex.dll
12:28:43.0009 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\nuex.dll - ok
12:28:43.0011 0x1a10  [ 71FB7BF600A16ECAE38D39B8C3600B85, 6975496E872252BE21CDE076A09C509AC83EAE9EE89785F8534881AFB4018852 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coactmgr.dll
12:28:43.0011 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coactmgr.dll - ok
12:28:43.0013 0x1a10  [ 15AD47A33FC4D789003A7A19DF4982DC, 6ED09E7F6D6F0AC4DB9225DCA68EDE72326736D4A38751A770D108441122787B ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\sdkcmn.dll
12:28:43.0013 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\sdkcmn.dll - ok
12:28:43.0015 0x1a10  [ CAB177E3A4F6AC21C9CFA613F4271D77, 41D8060442FAE4820D05C7283F2FE194C32F1CF77CBFEB47E03C8D766DED2027 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\uialert.dll
12:28:43.0015 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\uialert.dll - ok
12:28:43.0018 0x1a10  [ CE826ED361FDA89D365E70A2BC3AB119, 3AB44823E04FBB4C56A45EC2B8228C7F11245E6BA3C982FB60BBED5BDE457859 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\userctxt.dll
12:28:43.0018 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\userctxt.dll - ok
12:28:43.0020 0x1a10  [ 8B57A1AD493653BB57F281FE75DD175B, 65A54DDCA45CED94F7CF079632F127C247DD9E5E4D2B074593F89621F8CC6C55 ] C:\Windows\SysWOW64\NaturalLanguage6.dll
12:28:43.0020 0x1a10  C:\Windows\SysWOW64\NaturalLanguage6.dll - ok
12:28:43.0023 0x1a10  [ 01E2855FB06C422E721D890AF201C2D7, 9CAA197D5CE95AABFC8C09EA2137E73C7A0EF37CE0459508C663F7B2D758E57F ] C:\Windows\System32\NaturalLanguage6.dll
12:28:43.0023 0x1a10  C:\Windows\System32\NaturalLanguage6.dll - ok
12:28:43.0025 0x1a10  [ 2992932C1AB1D29A1A4A9E8CB8530CBF, 894FB2246F09FAC7E78FA1DC0159E888944AD3F4E66844BCE01A967B789CC82B ] C:\Windows\SysWOW64\NlsData0009.dll
12:28:43.0025 0x1a10  C:\Windows\SysWOW64\NlsData0009.dll - ok
12:28:43.0027 0x1a10  [ 701D9F5F3F21580936638D5C5F86B460, 2F187684F61C72AACF8274EA29B48DAAC6C8377F791843914AABF5DAB3760980 ] C:\Windows\System32\NlsData0009.dll
12:28:43.0027 0x1a10  C:\Windows\System32\NlsData0009.dll - ok
12:28:43.0029 0x1a10  [ C8CB301BF896C7C556BBE963FADF5BB6, 94ABF348C70E4BE391B9344CC730A0A98D6EB042EA1D031840DA3DB74A76849C ] C:\Windows\SysWOW64\NlsLexicons0009.dll
12:28:43.0029 0x1a10  C:\Windows\SysWOW64\NlsLexicons0009.dll - ok
12:28:43.0032 0x1a10  [ 148A733B93A2AC104280495DA09D3CC2, 443E46865090C610B84A82DB23DF8D1F22001FEA8B10F5619A10D25D7FEA29CC ] C:\Windows\System32\NlsLexicons0009.dll
12:28:43.0032 0x1a10  C:\Windows\System32\NlsLexicons0009.dll - ok
12:28:43.0034 0x1a10  [ C12008AF4CA0B436FC29095C44CD1617, 78EB6549057A73B5E73A26D600E538EB206EFB4CE1E7B0733C241D0563065343 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ccscanw.dll
12:28:43.0034 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ccscanw.dll - ok
12:28:43.0037 0x1a10  [ 80ECEA965F9BBDB5508F529EA5C739FE, 95AFD5A2B3D568B4CBBB0F5647EC53E640D65E7BBCE1BCF374D8A216DC081C48 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ecmldr32.dll
12:28:43.0037 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ecmldr32.dll - ok
12:28:43.0039 0x1a10  [ 923684C0CB0AFBD9EDA4FD1D63125D3F, B01C5DB86998FB407E58B6F2ECB9DB3EC67525976E16E6D42BE069E83342C78D ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.002\ECMSVR32.DLL
12:28:43.0039 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.002\ECMSVR32.DLL - ok
12:28:43.0041 0x1a10  [ 4050B6A101DEC9DCCD54232C532B4025, A4A6DFE38DD159035D28A0B0D792F038CA66385B6B15FE68C10268483AE146FF ] C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.002\NAVEX32A.DLL
12:28:43.0041 0x1a10  C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.002\NAVEX32A.DLL - ok
12:28:43.0044 0x1a10  [ 8444A7364D6877922049E99BF4B78C5C, 8BA2EEE84D61743CAA6286D59839963C5ED9AB7C857A4B9926EB640BBE43C425 ] C:\Windows\SysWOW64\ELSCore.dll
12:28:43.0044 0x1a10  C:\Windows\SysWOW64\ELSCore.dll - ok
12:28:43.0046 0x1a10  [ 76D86E65FF7D10292886A1F2DB93A911, D83CF27E338FEF4967CE0B1D28FE60CEF986D275781FC013531E54B328C4B9A3 ] C:\Windows\System32\ELSCore.dll
12:28:43.0046 0x1a10  C:\Windows\System32\ELSCore.dll - ok
12:28:43.0048 0x1a10  [ 7B3FD36359DE5D2EE49D213CCAD13427, 1903FAB91028CCE19AF4B88154EBE2B175F3C4535B0FAE8F2DBB5A83E74C7DD1 ] C:\Windows\SysWOW64\elsTrans.dll
12:28:43.0048 0x1a10  C:\Windows\SysWOW64\elsTrans.dll - ok
12:28:43.0050 0x1a10  [ 12929BDE96189F4E968AD035573424F0, 27FBB49F6ED6722A0C43E270E7678EFE9950BD913760DB33D5C10AFAB99417FC ] C:\Windows\System32\elsTrans.dll
12:28:43.0050 0x1a10  C:\Windows\System32\elsTrans.dll - ok
12:28:43.0053 0x1a10  [ 02A2ED8497F437EA200DF3ACED255AFE, 228EF857617715297C31349C9A568E9759D5AA58D5800E9C048AD3F1B9482777 ] C:\Windows\SysWOW64\elslad.dll
12:28:43.0053 0x1a10  C:\Windows\SysWOW64\elslad.dll - ok
12:28:43.0055 0x1a10  [ AEE087CF7423BA44CC2DE03CC565E399, 8C1C59D438C0C28E1B7B078C3EA030F6C4A7CBC3B1306D673B0A2EA0AAB2B953 ] C:\Windows\System32\elslad.dll
12:28:43.0055 0x1a10  C:\Windows\System32\elslad.dll - ok
12:28:43.0057 0x1a10  [ 61B33014F2D2A4F9553F6EF64FB82E31, DA7989DC0FCC4E093AEE83C61A694474D2E7ECE74D51F3BCDA027E157AB0DEAE ] C:\Windows\SysWOW64\NlsData000c.dll
12:28:43.0057 0x1a10  C:\Windows\SysWOW64\NlsData000c.dll - ok
12:28:43.0059 0x1a10  [ 51272A935F4F482A70F2A7D1C3A67AEE, CDA0861FFFE918B74E7C30E6A54D9A8B51665ACC24185D30273F9782407B0C8E ] C:\Windows\System32\NlsData000c.dll
12:28:43.0059 0x1a10  C:\Windows\System32\NlsData000c.dll - ok
12:28:43.0062 0x1a10  [ AC7D0114246661B1E29A0939039157C5, 0679B80D489E0082595818D04AF6B94C23FBC8C1C22FAFE3E54F507DE3BA3F81 ] C:\Windows\SysWOW64\NlsLexicons000c.dll
12:28:43.0062 0x1a10  C:\Windows\SysWOW64\NlsLexicons000c.dll - ok
12:28:43.0064 0x1a10  [ C2142407A2BE3462247500849B3FF8C7, A2C1C5689591871215F1F485B2BB37C5EC2943EBA44501C2486CA4F2186C9C96 ] C:\Windows\System32\NlsLexicons000c.dll
12:28:43.0064 0x1a10  C:\Windows\System32\NlsLexicons000c.dll - ok
12:28:43.0065 0x1a10  [ 14800BD31701A5047AC3145BB1E698AE, 05B4E33B14B9623EE065634708D9C4CDC7226146F9614C4F374E6B097BB35A50 ] C:\Windows\SysWOW64\d2d1.dll
12:28:43.0066 0x1a10  C:\Windows\SysWOW64\d2d1.dll - ok
12:28:43.0067 0x1a10  [ 987323F0247D023AD1AE52195540ECE0, 74DE9609D81C58E5BF11A6EB5E8EEC18F0253834DB64BEF444339640D545F093 ] C:\Windows\SysWOW64\mssvp.dll
12:28:43.0067 0x1a10  C:\Windows\SysWOW64\mssvp.dll - ok
12:28:43.0069 0x1a10  [ E503E15C88B4BBDA3F6345E34FED3E92, 40C09CFBC7AAAE12BCAE32B5047E4A54DFB362434EBD5F54D8A5C8F6DBDA719A ] C:\Windows\System32\mssvp.dll
12:28:43.0069 0x1a10  C:\Windows\System32\mssvp.dll - ok
12:28:43.0071 0x1a10  [ 65B1173C65DA9590CD4229C9148CDBBE, 14836FC83C8877061E949E2F29F3A14AEFC10F26101854C699334F62D70878A6 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\avmail.dll
12:28:43.0071 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\avmail.dll - ok
12:28:43.0072 0x1a10  [ F23C3A7083A73A05691DD32A17BD1A46, 4D2D19A8BF854481CF3874DE4490159F08EA3D626BAE677C3EBA91D1766AEB4C ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\asengine.dll
12:28:43.0073 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\asengine.dll - ok
12:28:43.0074 0x1a10  [ 81F08948A0F1475894C99D4D19A158A8, 93334DA369BF976E498265E432CAF63D898D378C6B32947DF355366ABE2A0FAC ] C:\Windows\SysWOW64\wshqos.dll
12:28:43.0074 0x1a10  C:\Windows\SysWOW64\wshqos.dll - ok
12:28:43.0076 0x1a10  [ 9ACDF004CCA0156D327EC1770E011146, 911D0392926911F63A6B44F9C59D1F8742B3272A42EB893DE8A94E44D75D6516 ] C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
12:28:43.0076 0x1a10  C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll - ok
12:28:43.0077 0x1a10  [ 52799EAD792B0E9AE7FD4BA5BD18FE5C, BE4838F4DB23D56CF75730DD36451C5F0F2ACA36B8A74844E7675DC5D5AD0C58 ] C:\Windows\SysWOW64\wbem\WMIADAP.exe
12:28:43.0077 0x1a10  C:\Windows\SysWOW64\wbem\WMIADAP.exe - ok
12:28:43.0079 0x1a10  [ 005247E3057BC5D5C3F8C6F886FFC10C, FCB27F89EC36856A4A225744CE5EE3A30CBC8A447868B165D95E8AB2C17F5671 ] C:\Windows\System32\wbem\WMIADAP.exe
12:28:43.0079 0x1a10  C:\Windows\System32\wbem\WMIADAP.exe - ok
12:28:43.0081 0x1a10  [ D6692338B985D4A0CA52B828314D897D, CB0B7C84C1E2782A95489E2F4D2AF4CFDAC02676B76F49FF7D6A7091739EA25D ] C:\Windows\SysWOW64\drprov.dll
12:28:43.0081 0x1a10  C:\Windows\SysWOW64\drprov.dll - ok
12:28:43.0083 0x1a10  [ 5F639198C4137075DA50E61C23963C11, 3D03B3BF62B3469069AD6BE2AAEE152CB6722D36C001B8197FEBC2F3EB9ADBE0 ] C:\Windows\System32\drprov.dll
12:28:43.0083 0x1a10  C:\Windows\System32\drprov.dll - ok
12:28:43.0085 0x1a10  [ D7B7159BC8374E87D8C45A30377A3440, 0B68B6E7C35280D502BF05177ADADE2EE35D4D5307C3D1EE2635879BA06D904D ] C:\Windows\SysWOW64\ntlanman.dll
12:28:43.0085 0x1a10  C:\Windows\SysWOW64\ntlanman.dll - ok
12:28:43.0087 0x1a10  [ BC566D17914B07ABAAB3A5A385CC3300, DCE0A1D26312AA6441FB7122C6EED980AE350D58B2B4B166CB62F983306268E9 ] C:\Windows\System32\ntlanman.dll
12:28:43.0087 0x1a10  C:\Windows\System32\ntlanman.dll - ok
12:28:43.0090 0x1a10  [ 6A1E8DEB746912DF47CF651E138401D7, F0DEEBAB4B1827A502B05F5C18E0A7480C3C8EDDAB306575AC40FD7048827FC4 ] C:\Windows\SysWOW64\StructuredQuery.dll
12:28:43.0090 0x1a10  C:\Windows\SysWOW64\StructuredQuery.dll - ok
12:28:43.0092 0x1a10  [ 4E81439902079C348B61D7FF027FE147, E652C9EC77745504689532B3C394959F9B5BC29E9C008CB9EE09CDA818514FA9 ] C:\Windows\System32\StructuredQuery.dll
12:28:43.0092 0x1a10  C:\Windows\System32\StructuredQuery.dll - ok
12:28:43.0094 0x1a10  [ EAF4712B706936C0B10D3B5319B37E81, 1A356A3AB52DC8A13F41D2B7F26B6B0E23663D7C9DD6DF6E464EF29460EF2602 ] C:\Windows\SysWOW64\davclnt.dll
12:28:43.0094 0x1a10  C:\Windows\SysWOW64\davclnt.dll - ok
12:28:43.0097 0x1a10  [ B32AB94A432289AC2DF77A3DCAD32EED, B1021C78F940E6FA7A8992B2733B593B89DA57325A0A0D13D2767F193A78D90F ] C:\Windows\System32\davclnt.dll
12:28:43.0097 0x1a10  C:\Windows\System32\davclnt.dll - ok
12:28:43.0099 0x1a10  [ 179BECE8D1A4C488DDB7191FF9BE3FB0, F91ABCB67A2AFD471A9B94AA2B9C46AAEF606266DC2276E81A6D0832566162A5 ] C:\Windows\SysWOW64\davhlpr.dll
12:28:43.0099 0x1a10  C:\Windows\SysWOW64\davhlpr.dll - ok
12:28:43.0101 0x1a10  [ 45B24A357C801CE62052FE0CDC8BD4D2, 00602E41B78473825253F6B2557A5C43FBDDCCF713D806929AE7C039FF8F185C ] C:\Windows\System32\davhlpr.dll
12:28:43.0101 0x1a10  C:\Windows\System32\davhlpr.dll - ok
12:28:43.0104 0x1a10  [ C389D4F79503D2DAE2F147C0313969B4, 76C525263408CD836865D120A533E85DC44AF1497D6985908AF5D7A88537059D ] C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\ccipc.dll
12:28:43.0104 0x1a10  C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\ccipc.dll - ok
12:28:43.0106 0x1a10  [ 90FE12025FDFE6D27E6AA2D3AA202706, ACB96B35D5A770CE4AF1A673274DCA1EF79391A4F952019ADF419C39408BEEBD ] C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\bucomm.dll
12:28:43.0106 0x1a10  C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\bucomm.dll - ok
12:28:43.0109 0x1a10  [ 11478B4DE76A39D222E8FED7A1DBE135, A5AEEE74AF216A900D8DD80F7C9C9BDB0B462885E1E7D4C41662676A5926B941 ] C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\bueng.dll
12:28:43.0109 0x1a10  C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\bueng.dll - ok
12:28:43.0111 0x1a10  [ B4815D6371E28050D0ECE998A4768990, DDE7773B14FB9B4C38C8C57EFD438E5ADFADB00057FF38726AEEF9AEA8074DE0 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\qbackup.dll
12:28:43.0111 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\qbackup.dll - ok
12:28:43.0114 0x1a10  [ 181F69BC9C406B7FB5C0ADE8031630AC, 4625B362246EC092B4162836BBD4A1748BA2698FC49CAD634A01377FC1BDA29C ] C:\Windows\SysWOW64\wpdshext.dll
12:28:43.0114 0x1a10  C:\Windows\SysWOW64\wpdshext.dll - ok
12:28:43.0116 0x1a10  [ 4715F8F8CDBFFF2728BA38B789A1D7C7, 70E6F51636CFF04FCB5AD95968AC4771BEFE2D205DB7E34681F02DBE24C9CF39 ] C:\Windows\System32\wpdshext.dll
12:28:43.0116 0x1a10  C:\Windows\System32\wpdshext.dll - ok
12:28:43.0118 0x1a10  [ 8246DE1E06DD72852EAA4C661C79505E, 2741A05B48C11AA6D86BD459B26B69B4160D622FC9831528776FB49171D1741D ] C:\Program Files (x86)\Speccy\Speccy64.exe
12:28:43.0118 0x1a10  C:\Program Files (x86)\Speccy\Speccy64.exe - ok
12:28:43.0121 0x1a10  [ 6F4788FFB65599DB10D7B527A9619B3A, C75E099D47C4CE9CDEB53830BEF26C73F4A2729739B397D349B9123FB28CBB53 ] C:\Users\owner\Desktop\cleaning\HitmanPro_x64 (2).exe
12:28:43.0121 0x1a10  C:\Users\owner\Desktop\cleaning\HitmanPro_x64 (2).exe - ok
12:28:43.0123 0x1a10  [ 1060D60CCA69A8136A87DBE3C8F4A467, EA246BD5EBA5C593A6D1CB8A300CCA13E575A2E1DF79BCD524B4C84866E4BE8D ] C:\Windows\SysWOW64\EhStorAPI.dll
12:28:43.0123 0x1a10  C:\Windows\SysWOW64\EhStorAPI.dll - ok
12:28:43.0125 0x1a10  [ 03AB2A2E426C2AD400AC8315226347F8, 71B2628163471D3D8C5681CA7BBAFC03C6EAA499707513FDBDEC009F0EB32E77 ] C:\Windows\System32\EhStorAPI.dll
12:28:43.0125 0x1a10  C:\Windows\System32\EhStorAPI.dll - ok
12:28:43.0127 0x1a10  [ F3F8A7C4C3F29C88D170CB6C9A216F42, 0E55C1EC863411C20C95936B1DA52DDB044709101087FFACE9C55BE7AB18AE86 ] C:\Users\owner\Desktop\cleaning\Windows-KB890830-x64-V5.10.exe
12:28:43.0127 0x1a10  C:\Users\owner\Desktop\cleaning\Windows-KB890830-x64-V5.10.exe - ok
12:28:43.0130 0x1a10  [ 178A34E5554DCE485E1262DDF027960C, EB7D10F674EC5563CD5F5CE644FDF99404B1F340BE4AD86F3B460E25597E4C5C ] C:\Users\owner\Desktop\cleaning\tdsskiller.exe
12:28:43.0130 0x1a10  C:\Users\owner\Desktop\cleaning\tdsskiller.exe - ok
12:28:43.0132 0x1a10  [ F76CEBC2661A15BE383EF25EA2EA78F7, 86A2F53D20F8CBDD03CF38D03D11ACBBF7A7495368EB82A63E58904B110DA6C5 ] C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\avscntsk.dll
12:28:43.0132 0x1a10  C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\avscntsk.dll - ok
12:28:43.0134 0x1a10  Waiting for KSN requests completion. In queue: 47
12:28:44.0135 0x1a10  Waiting for KSN requests completion. In queue: 47
12:28:45.0150 0x1a10  AV detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe ( 21.2.0.0 ), 0x51000 ( enabled : updated )
12:28:45.0151 0x1a10  FW detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe ( 21.2.0.0 ), 0x51010 ( enabled )
12:28:45.0151 0x1a10  FW detected via SS2: Privatefirewall, C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfgui.exe ( 7.0.30.3 ), 0x50010 ( disabled )
12:28:47.0607 0x1a10  ============================================================
12:28:47.0607 0x1a10  Scan finished
12:28:47.0607 0x1a10  ============================================================
12:28:47.0612 0x19e0  Detected object count: 2
12:28:47.0612 0x19e0  Actual detected object count: 2
12:29:05.0667 0x19e0  EraserUtilRebootDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:05.0667 0x19e0  EraserUtilRebootDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:29:05.0667 0x19e0  hitmanpro37 ( HiddenService.Multi.Generic ) - skipped by user
12:29:05.0667 0x19e0  hitmanpro37 ( HiddenService.Multi.Generic ) - User select action: Skip 
12:29:15.0473 0x1358  Deinitialize success

Had to put it in code since it wouldn't let me upload the third.



#8 jeffce


Posted 28 March 2014 - 12:42 PM

Looks like you have also run ComboFix at some point?  Could you post that log as well?  It should be at C:\ComboFix.txt




#9 z3n_Force


Posted 28 March 2014 - 02:18 PM

Here it is

ComboFix 14-03-19.01 - owner 22/03/2014  11:02:44.8.8 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32713.30856 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-22 to 2014-03-22  )))))))))))))))))))))))))))))))
.
.
2014-03-22 15:04 . 2014-03-22 15:04	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-03-22 15:04 . 2014-03-22 15:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-22 14:26 . 2014-02-24 15:59	9075712	----a-w-	c:\windows\system32\mshtml.dll
2014-03-22 04:44 . 2014-03-22 04:44	--------	d-----w-	c:\users\owner\AppData\Local\Privatefirewall
2014-03-22 04:37 . 2013-09-30 01:24	133152	----a-w-	c:\windows\system32\drivers\pwipf6.sys
2014-03-22 04:37 . 2014-03-22 04:37	--------	d-----w-	c:\programdata\Privacyware
2014-03-22 04:37 . 2014-03-22 04:37	--------	d-----w-	c:\program files (x86)\Privacyware
2014-03-22 04:33 . 2014-03-22 04:34	--------	d-----w-	c:\program files\HitmanPro
2014-03-22 03:18 . 2014-03-22 03:18	--------	d-----w-	c:\users\owner\AppData\Roaming\Opera Software
2014-03-22 03:18 . 2014-03-22 03:18	--------	d-----w-	c:\users\owner\AppData\Local\Opera Software
2014-03-22 03:18 . 2014-03-22 03:18	--------	d-----w-	c:\program files (x86)\Opera
2014-03-21 05:39 . 2014-03-22 14:30	--------	d-----w-	c:\windows\system32\catroot2
2014-03-21 05:35 . 2014-03-22 15:01	--------	d-----w-	c:\windows\system32\wbem\repository
2014-03-21 05:35 . 2014-03-21 05:35	--------	d-----w-	c:\windows\SysWow64\wbem\Performance
2014-03-21 05:30 . 2014-03-21 05:41	181064	----a-w-	c:\windows\PSEXESVC.EXE
2014-03-21 05:29 . 2014-03-21 05:29	--------	d-----w-	C:\RegBackup
2014-03-21 04:55 . 2014-03-21 05:05	--------	d-----w-	C:\TDSSKiller_Quarantine
2014-03-21 04:46 . 2014-03-21 04:46	--------	d-----w-	c:\program files (x86)\Tweaking.com
2014-03-19 08:45 . 2014-03-19 08:55	--------	d-----w-	c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-19 08:27 . 2014-03-19 08:27	--------	d-----w-	c:\programdata\Kaspersky Lab
2014-03-19 08:11 . 2014-03-19 08:14	309320	----a-w-	c:\windows\SysWow64\drivers\TrufosAlt.sys
2014-03-19 07:45 . 2014-03-19 07:45	--------	d-----w-	c:\program files (x86)\ESET
2014-03-19 05:09 . 2014-03-19 05:09	--------	d-----w-	c:\windows\system32\drivers\N360x64\1502000.026
2014-03-15 13:17 . 2014-03-15 13:17	--------	d-----w-	C:\tmp
2014-03-09 02:01 . 2014-03-09 02:03	--------	d-----w-	c:\programdata\SUPERSetup
2014-03-07 22:52 . 2014-03-07 22:52	--------	d-----w-	c:\users\owner\AppData\Roaming\Winff
2014-03-06 05:15 . 2014-03-06 05:25	--------	d-----w-	c:\program files\WinFF
2014-03-05 00:26 . 2014-03-05 00:52	--------	d-----w-	c:\users\owner\AppData\Roaming\TeamViewer
2014-03-05 00:23 . 2014-03-05 00:23	--------	d-----w-	c:\program files (x86)\TeamViewer
2014-02-27 18:51 . 2014-02-27 19:04	--------	d-----w-	c:\users\owner\AppData\Local\ESL Wire Game Client
2014-02-27 18:51 . 2014-02-27 18:51	--------	d-----w-	c:\program files\EslWire
2014-02-27 18:51 . 2014-02-27 18:51	--------	d-----w-	c:\programdata\ESL Wire
2014-02-27 17:41 . 2014-02-27 17:41	--------	d-----w-	c:\users\owner\AppData\Roaming\OpenVPN Technologies
2014-02-27 17:41 . 2014-02-27 17:41	--------	d-----w-	c:\users\owner\AppData\Local\OpenVPN Technologies
2014-02-27 17:35 . 2014-02-27 17:38	--------	d-----w-	c:\users\owner\AppData\Roaming\PrivateTunnel
2014-02-27 17:35 . 2014-02-27 17:41	--------	d-----w-	c:\program files (x86)\OpenVPN Technologies
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:55 . 2013-05-25 21:43	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:55 . 2013-05-25 21:43	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-09 01:47 . 2013-12-31 18:16	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-03-02 18:05 . 2013-05-27 03:43	90015360	----a-w-	c:\windows\system32\MRT.exe
2014-02-14 00:01 . 2014-02-13 13:17	128320	----a-w-	c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-16 14:43 . 2014-01-16 14:43	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-24 15:40 . 2013-05-29 00:12	21184	----a-w-	c:\windows\system32\drivers\SmartDefragDriver.sys
2013-10-23 06:39 . 2013-10-24 18:39	44	----a-w-	c:\program files (x86)\a8ec4c03.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-27 04:42	220632	----a-w-	c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-27 04:42	220632	----a-w-	c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-27 04:42	220632	----a-w-	c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"Akamai NetSession Interface"="c:\users\owner\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"icq"="c:\users\owner\AppData\Roaming\ICQM\icq.exe" [2014-02-10 33664344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-11-25 25600]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCE-AC66 WLAN Control Center"="c:\program files (x86)\ASUS\PCE-AC66 WLAN Card Utilities\WlanMgr.exe" [2012-12-03 9440256]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-03-19 302961]
"Privatefirewall"="c:\program files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-5-28 576000]
Samsung Magician.lnk - c:\program files (x86)\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-12-20 4580256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-11-28 1338656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
R1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [x]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys;c:\windows\SYSNATIVE\DRIVERS\pwipf6.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]
R2 PFNet;Privacyware network service;c:\program files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe;c:\program files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;k:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;k:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 GPU-Z;GPU-Z; [x]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
R3 shy;shy; [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-25 18:55]
.
2014-03-22 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-17 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-01-09 05:14	2486592	----a-w-	c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-27 04:42	244696	----a-w-	c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-27 04:42	244696	----a-w-	c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-27 04:42	244696	----a-w-	c:\users\owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-05-09 7144960]
"AsioReg"="CTASIO.DLL" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B2669EF-4A6C-4202-A3B5-0CD09F25CCA3}: NameServer = 209.250.128.6,66.163.0.173
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-22  11:05:47
ComboFix-quarantined-files.txt  2014-03-22 15:05
ComboFix2.txt  2014-03-22 05:34
ComboFix3.txt  2014-03-22 04:04
ComboFix4.txt  2014-03-21 05:23
.
Pre-Run: 39,581,908,992 bytes free
Post-Run: 39,173,074,944 bytes free
.
- - End Of File - - 618C60FA9A5757A7421297D2B88E6749


Edited by z3n_Force, 28 March 2014 - 02:19 PM.


#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:45 PM

Posted 28 March 2014 - 05:41 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\program files (x86)\a8ec4c03.tmp
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------




#11 z3n_Force

z3n_Force
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 28 March 2014 - 05:53 PM

https://www.virustotal.com/en/file/7a334ae06d974e3df68bac3e72c7758ae3f6ab8f0b07debf63c95015f7d29f95/analysis/1396047069/

 

Just a note- it was created at about the time I had the zero-access infection. Should I try deleting it or leave it alone?



#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:45 PM

Posted 28 March 2014 - 05:55 PM

No....I will return as quickly as I can.  :)




#13 z3n_Force

z3n_Force
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 29 March 2014 - 03:25 PM

By the way, there's also something called '~WRL0005' on my desktop. It's a temporary file, but I believe I already deleted it and it's reappeared...

It was also created at about the same time I had the zeroaccess infection.



#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:45 PM

Posted 29 March 2014 - 05:22 PM

Thanks for telling me.....

 

Go to C:\ and attach the following .txt files.....ComboFix2, ComboFix3 and ComboFix4




#15 z3n_Force

z3n_Force
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 29 March 2014 - 05:52 PM

None except the one I posted are there unfortunately. 





