and another aartemis problem


Unable to run dds file. It says "DDS is not meant to run in Compatibility Mode". So I can't post the log files as requested in the "what do I do now" post. Don't know why it would be running in compatibility mode, maybe Windows 8 issue? I'll look into that more or maybe someone here will have a quick answer.

After that ...... my daughter's computer is infected. She messed around for 2-3 hrs before letting me know. I've downloaded and run the free version of Malwarebytes and it quarantined several files but the problem is not fixed. Any help is much appreciated.

Hello lisaepco and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Thanks so much for the help..............here are the logs

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by talon_000 (administrator) on TALON-TOSH on 19-11-2013 09:26:31
Running from C:\Users\talon_000\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
() C:\Program Files\WindowsApps\Microsoft.HelpAndTips_6.3.9600.20274_x64__8wekyb3d8bbwe\HelpAndTips.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft) C:\Program Files\Toshiba\TOSHIBA Desktop Assist\TosDesktopAssist.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe\LiveComm.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TCrdMain] - C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] - C:\Program Files\Toshiba\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
MountPoints2: {55a03806-0ce1-11e3-be78-008cfa42fbef} - "E:\HTC_Sync_Manager_PC.exe" 
MountPoints2: {55a03807-0ce1-11e3-be78-008cfa42fbef} - "F:\TL-Bootstrap.exe" 
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKU\Administrator\...\Run: [AppEx Accelerator UI] - C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1384720717&from=tugs&uid=TOSHIBAXMQ01ABD064_23LCF4ROSXX23LCF4ROS&q={searchTerms}
SearchScopes: HKLM - {7B12CE43-186E-4E95-8877-8B518C393DE9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {7B12CE43-186E-4E95-8877-8B518C393DE9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\talon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Google Docs) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Bow Master Japan) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\beegfnmknkfjdnajgannnpiipandjpgo\1.1_0
CHR Extension: (YouTube) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Extended Protection) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Dino Snap) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpfahhfcknbfalnpepckmhgbfiniaod\1.0.0.0_0
CHR Extension: (Google Search) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Give Up) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi\1.0.0_0
CHR Extension: (NoNoSparks Genesis) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\emckmlnfmemaompnmnnebnlgmneojmag\2.3.5_0
CHR Extension: (Sparrow) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnnbpeligohmfjgcpoalibifoabcjaof\1.1_0
CHR Extension: (Crimson: Steam Pirates) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfbkgkceahodalogdpenjoekbacjfcj\1.0_0
CHR Extension: (WarLight) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiikfoplnkjhoiafgmcobenlfnbphbee\1.0_0
CHR Extension: (Faerie Alchemy HD) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\imdilajngppdgdbemeighbingnbmpnpl\1.1.3.7_0
CHR Extension: (Dino Storm) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcelgimengeaokbmmfenpkfbnlkpdhi\2.11_0
CHR Extension: (Sand 2) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn\1.1_0
CHR Extension: (Google Play) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.0.32_0
CHR Extension: (Snake) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlijpphckdfkmcjclnimmbknefojcaol\0.0.3_0
CHR Extension: (Muffin Knight) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcgpajmidlcgbkpjaopbcglkjepkbaa\1.4.5_0
CHR Extension: (Google Wallet) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Reflexions - bookmark) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogadgkloelojebogohabcnnbihknaaf\1.0.1_0
CHR Extension: (Gmail) - C:\Users\TALON_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-11-05] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131118.001\IDSvia64.sys [521816 2013-11-05] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131119.001\ENG64.SYS [126040 2013-11-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131119.001\EX64.SYS [2099288 2013-11-05] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-11-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-19 09:26 - 2013-11-19 09:27 - 00017807 _____ C:\Users\talon_000\Desktop\FRST.txt
2013-11-19 09:25 - 2013-11-19 09:25 - 00000000 ____D C:\FRST
2013-11-19 09:24 - 2013-11-19 09:24 - 01957964 _____ (Farbar) C:\Users\talon_000\Desktop\FRST64.exe
2013-11-18 18:04 - 2013-11-18 18:04 - 00688992 _____ (Swearware) C:\Users\talon_000\Desktop\dds.scr
2013-11-18 17:46 - 2013-11-18 17:46 - 00688992 _____ (Swearware) C:\Users\talon_000\Desktop\dds.com
2013-11-18 17:37 - 2013-11-18 17:37 - 00688992 _____ (Swearware) C:\Users\talon_000\Downloads\dds.scr
2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\WINDOWS\LastGood
2013-11-18 16:43 - 2013-11-18 16:43 - 00001132 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Malwarebytes
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 16:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-17 13:40 - 2013-11-17 20:13 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-17 13:40 - 2013-11-17 13:42 - 00000000 ____D C:\ProgramData\eSafe
2013-11-16 05:54 - 2013-11-16 05:54 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-11-16 02:49 - 2013-10-19 01:08 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-16 02:49 - 2013-10-18 23:37 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-16 02:49 - 2013-10-18 23:24 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-11-16 02:49 - 2013-10-18 21:37 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-16 02:49 - 2013-10-18 20:56 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-16 02:49 - 2013-10-11 06:04 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-11-16 02:49 - 2013-10-10 09:23 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-11-16 02:49 - 2013-10-07 00:21 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-11-16 02:49 - 2013-10-06 19:13 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-11-16 02:49 - 2013-10-05 00:39 - 06639616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2013-11-16 02:49 - 2013-10-05 00:32 - 05769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2013-11-16 02:48 - 2013-10-23 04:29 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2013-11-16 02:48 - 2013-10-23 04:21 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-11-16 02:48 - 2013-10-23 04:13 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2013-11-16 02:48 - 2013-10-22 22:27 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-16 02:48 - 2013-10-22 22:09 - 04104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-11-16 02:48 - 2013-10-22 22:04 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-16 02:48 - 2013-10-22 21:55 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-11-16 02:48 - 2013-10-22 21:46 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-11-16 02:48 - 2013-10-22 01:18 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-11-16 02:48 - 2013-10-22 00:55 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-11-16 02:48 - 2013-10-21 23:03 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-11-16 02:48 - 2013-10-21 22:15 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2013-11-16 02:48 - 2013-10-21 21:04 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2013-11-16 02:48 - 2013-10-21 21:02 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-11-16 02:48 - 2013-10-21 20:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2013-11-16 02:48 - 2013-10-21 20:44 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2013-11-16 02:48 - 2013-10-21 19:38 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2013-11-16 02:48 - 2013-10-21 19:22 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-11-16 02:48 - 2013-10-21 19:13 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-11-16 02:48 - 2013-10-21 19:07 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-16 02:48 - 2013-10-21 18:53 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2013-11-16 02:48 - 2013-10-21 18:47 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-16 02:48 - 2013-10-19 02:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-11-16 02:48 - 2013-10-19 01:51 - 00481392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2013-11-16 02:48 - 2013-10-19 00:12 - 00380656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2013-11-16 02:48 - 2013-10-18 23:02 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-16 02:48 - 2013-10-18 22:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2013-11-16 02:48 - 2013-10-18 22:19 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-16 02:48 - 2013-10-18 22:10 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-16 02:48 - 2013-10-18 21:52 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-16 02:48 - 2013-10-18 21:48 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2013-11-16 02:48 - 2013-10-18 21:44 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-16 02:48 - 2013-10-18 21:31 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-11-16 02:48 - 2013-10-18 21:03 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2013-11-16 02:48 - 2013-10-18 20:57 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-11-16 02:48 - 2013-10-18 20:55 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-11-16 02:48 - 2013-10-18 20:53 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-16 02:48 - 2013-10-18 20:28 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-11-16 02:48 - 2013-10-18 20:26 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2013-11-16 02:48 - 2013-10-18 20:23 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-16 02:48 - 2013-10-18 20:14 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2013-11-16 02:48 - 2013-10-18 20:09 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-16 02:48 - 2013-10-18 20:02 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-16 02:48 - 2013-10-17 08:42 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2013-11-16 02:48 - 2013-10-17 08:42 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2013-11-16 02:48 - 2013-10-17 07:04 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2013-11-16 02:48 - 2013-10-16 02:34 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2013-11-16 02:48 - 2013-10-16 02:33 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2013-11-16 02:48 - 2013-10-12 20:06 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2013-11-16 02:48 - 2013-10-12 19:43 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-11-16 02:48 - 2013-10-11 08:11 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-11-16 02:48 - 2013-10-11 07:22 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-11-16 02:48 - 2013-10-11 06:24 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-11-16 02:48 - 2013-10-11 06:03 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-11-16 02:48 - 2013-10-10 09:44 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2013-11-16 02:48 - 2013-10-10 09:26 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-11-16 02:48 - 2013-10-10 09:26 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2013-11-16 02:48 - 2013-10-10 07:53 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-11-16 02:48 - 2013-10-10 07:53 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2013-11-16 02:48 - 2013-10-10 04:53 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2013-11-16 02:48 - 2013-10-10 04:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2013-11-16 02:48 - 2013-10-10 04:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2013-11-16 02:48 - 2013-10-10 03:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-11-16 02:48 - 2013-10-10 03:19 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-11-16 02:48 - 2013-10-08 22:40 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-11-16 02:48 - 2013-10-08 04:07 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-11-16 02:48 - 2013-10-08 03:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2013-11-16 02:48 - 2013-10-08 03:13 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-11-16 02:48 - 2013-10-07 23:46 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2013-11-16 02:48 - 2013-10-07 22:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2013-11-16 02:48 - 2013-10-07 22:50 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2013-11-16 02:48 - 2013-10-07 22:48 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2013-11-16 02:48 - 2013-10-07 22:15 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2013-11-16 02:48 - 2013-10-07 22:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2013-11-16 02:48 - 2013-10-07 21:50 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2013-11-16 02:48 - 2013-10-07 21:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2013-11-16 02:48 - 2013-10-07 00:21 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-11-16 02:48 - 2013-10-05 08:25 - 00371032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-11-16 02:48 - 2013-10-05 08:25 - 00057176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2013-11-16 02:48 - 2013-10-05 07:21 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2013-11-16 02:48 - 2013-10-05 05:05 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2013-11-16 02:48 - 2013-10-05 04:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2013-11-16 02:48 - 2013-10-05 02:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2013-11-16 02:48 - 2013-10-05 02:18 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2013-11-16 02:48 - 2013-10-05 02:07 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-11-16 02:48 - 2013-10-05 01:56 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-16 02:48 - 2013-10-05 01:55 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2013-11-16 02:48 - 2013-10-05 01:40 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2013-11-16 02:48 - 2013-10-05 01:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2013-11-16 02:48 - 2013-10-05 01:21 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-16 02:48 - 2013-10-05 01:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2013-11-16 02:48 - 2013-10-05 00:43 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-16 02:48 - 2013-10-05 00:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-16 02:48 - 2013-10-04 01:10 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2013-11-16 02:48 - 2013-09-18 22:04 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-11-16 02:48 - 2013-09-17 02:06 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-11-16 02:48 - 2013-09-17 02:06 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-11-16 02:48 - 2013-09-17 00:01 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2013-11-16 02:48 - 2013-09-16 23:31 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-11-16 02:48 - 2013-09-16 23:31 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-11-16 02:48 - 2013-09-16 21:37 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2013-11-16 02:48 - 2013-09-14 07:07 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2013-11-16 02:48 - 2013-09-14 07:00 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2013-11-16 02:48 - 2013-09-14 05:39 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2013-11-16 02:48 - 2013-09-14 05:33 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2013-11-16 02:48 - 2013-09-14 03:05 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2013-11-16 02:48 - 2013-09-14 02:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2013-11-16 02:48 - 2013-09-13 01:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe
2013-11-16 02:48 - 2013-09-13 00:47 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2013-11-16 02:48 - 2013-09-12 01:45 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2013-11-16 02:48 - 2013-09-12 01:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2013-11-16 02:48 - 2013-09-12 01:08 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2013-11-16 02:48 - 2013-09-12 01:02 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2013-11-16 02:48 - 2013-09-12 00:44 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2013-11-16 02:48 - 2013-09-12 00:37 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2013-11-16 02:48 - 2013-09-12 00:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2013-11-16 02:48 - 2013-09-12 00:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2013-11-16 02:48 - 2013-09-12 00:16 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2013-11-16 02:48 - 2013-09-12 00:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2013-11-16 02:48 - 2013-09-11 05:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-11-16 02:48 - 2013-09-09 22:26 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2013-11-16 02:48 - 2013-09-09 21:52 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll
2013-11-16 02:48 - 2013-09-09 21:34 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2013-11-16 02:44 - 2013-11-05 13:21 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-16 02:44 - 2013-11-05 11:51 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-16 02:44 - 2013-11-05 09:20 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-16 02:44 - 2013-11-05 09:11 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-16 02:44 - 2013-11-05 07:30 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-16 02:44 - 2013-11-05 07:29 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-16 02:42 - 2013-10-10 04:26 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2013-11-16 02:42 - 2013-10-10 04:05 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2013-11-16 02:42 - 2013-10-10 03:34 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2013-11-16 02:42 - 2013-10-10 03:27 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-11-15 17:07 - 2013-11-15 17:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-11-15 17:07 - 2013-11-15 17:07 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-11-15 17:07 - 2013-11-15 17:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2013-11-14 04:29 - 2013-10-12 19:48 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-14 04:29 - 2013-10-12 14:48 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-14 04:29 - 2013-10-12 14:34 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-14 04:28 - 2013-10-16 08:58 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-14 04:28 - 2013-10-16 06:54 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-14 04:28 - 2013-10-05 07:21 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-14 04:28 - 2013-10-05 01:39 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-13 15:42 - 2013-11-18 14:57 - 00000000 ____D C:\Users\talon_000\AppData\Local\CrashDumps
2013-11-12 10:35 - 2013-11-13 08:24 - 00000000 ___DC C:\WINDOWS\Panther
2013-11-12 10:35 - 2013-11-12 10:35 - 00000000 __SHD C:\Recovery
2013-11-12 10:33 - 2013-11-12 10:33 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-11-12 10:32 - 2013-11-12 10:33 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-11-12 10:32 - 2013-11-12 10:32 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files\MSBuild
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-12 10:29 - 2013-08-02 21:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-11-12 10:29 - 2013-08-02 21:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-12 10:29 - 2013-08-02 21:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-11-12 10:29 - 2013-08-02 21:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-11-12 10:29 - 2013-08-02 21:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-12 10:29 - 2013-08-02 21:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-11-12 10:07 - 2013-11-19 09:23 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4BD4E91F-9C4A-444F-A87E-181835D00DE2}
2013-11-12 10:05 - 2013-11-18 17:35 - 00000000 __RDO C:\Users\talon_000\SkyDrive
2013-11-12 10:05 - 2013-11-12 10:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2013-11-12 10:02 - 2013-11-12 10:05 - 00000000 ____D C:\Users\talon_000\AppData\Local\PackageStaging
2013-11-12 10:02 - 2013-11-12 10:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-11-12 10:01 - 2013-11-17 13:39 - 00001659 _____ C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 10:00 - 2013-11-12 10:00 - 00000020 ___SH C:\Users\talon_000\ntuser.ini
2013-11-12 09:56 - 2013-11-19 06:28 - 01118032 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-12 09:56 - 2013-11-12 09:56 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-11-12 09:45 - 2013-11-12 09:45 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-11-12 09:43 - 2013-11-12 10:05 - 00000000 ____D C:\Users\talon_000
2013-11-12 09:43 - 2013-11-12 09:56 - 00032388 _____ C:\WINDOWS\diagwrn.xml
2013-11-12 09:43 - 2013-11-12 09:56 - 00032388 _____ C:\WINDOWS\diagerr.xml
2013-11-12 09:43 - 2013-11-12 09:52 - 00000000 ____D C:\Users\Administrator
2013-11-12 09:43 - 2013-11-12 09:45 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-12 09:43 - 2013-11-12 09:44 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-12 09:43 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-12 09:43 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-12 09:43 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-12 09:43 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-12 09:43 - 2013-08-22 08:36 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-12 09:43 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-12 09:38 - 2013-11-12 09:38 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2013-11-12 09:38 - 2013-11-12 09:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-11-12 09:38 - 2013-11-12 09:38 - 00000000 ____D C:\Program Files\Synaptics
2013-11-12 09:37 - 2013-11-18 15:53 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 ____D C:\Program Files\Realtek
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 ____D C:\Program Files\AMD
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2013-11-12 09:00 - 2013-11-12 09:56 - 00006570 _____ C:\WINDOWS\comsetup.log
2013-11-10 18:24 - 2013-11-17 20:53 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\.minecraft
2013-11-10 18:22 - 2013-11-10 18:22 - 00000000 ____D C:\ProgramData\Sun
2013-11-10 18:22 - 2013-11-10 18:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-10 18:20 - 2013-11-10 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\talon_000\Downloads\chromeinstall-7u45.exe
2013-11-05 19:23 - 2013-11-12 10:00 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2013-11-05 19:23 - 2013-11-06 16:11 - 00177312 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2013-11-05 19:23 - 2013-11-06 16:11 - 00007631 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2013-11-05 19:23 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files\Symantec
2013-11-05 19:23 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-05 19:22 - 2013-11-10 09:43 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2013-11-05 19:22 - 2013-11-05 19:22 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-05 18:53 - 2013-11-12 09:49 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-11-05 18:53 - 2013-11-05 19:21 - 00001285 _____ C:\Users\talon_000\Desktop\Norton Installation Files.lnk
2013-11-04 16:01 - 2013-11-04 16:01 - 00000222 _____ C:\Users\talon_000\Desktop\Scribblenauts Unlimited.url
2013-11-04 15:44 - 2013-11-16 05:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-04 15:44 - 2013-11-16 05:52 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-04 15:06 - 2013-05-03 21:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2013-11-04 15:06 - 2013-05-03 21:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2013-11-04 09:20 - 2013-11-04 09:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-11-04 08:51 - 2013-11-04 08:51 - 00000000 ____D C:\Users\talon_000\AppData\Local\Adobe
2013-11-03 19:38 - 2013-11-03 19:38 - 00000219 _____ C:\Users\talon_000\Desktop\Portal 2.url
2013-11-03 19:30 - 2013-11-03 19:30 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\3909
2013-11-03 19:29 - 2013-11-03 19:29 - 00000222 _____ C:\Users\talon_000\Desktop\Papers, Please.url
2013-11-03 18:30 - 2013-11-03 18:30 - 00000190 _____ C:\Users\talon_000\Desktop\Gunpoint.url
2013-11-03 18:25 - 2013-11-05 08:58 - 00000976 _____ C:\Users\talon_000\Desktop\EXCEL - Shortcut.lnk
2013-11-03 18:23 - 2013-11-05 08:58 - 00000988 _____ C:\Users\talon_000\Desktop\WINWORD - Shortcut.lnk
2013-11-03 18:20 - 2013-11-03 18:20 - 00000376 _____ C:\WINDOWS\ODBC.INI
2013-11-03 18:19 - 2013-11-03 18:19 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-11-03 18:17 - 2013-11-03 18:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-03 17:23 - 2013-11-03 17:23 - 00010226 _____ C:\Users\talon_000\Desktop\GHScrabble - Shortcut.lnk
2013-11-03 17:23 - 2013-11-03 17:23 - 00008395 _____ C:\Users\talon_000\Desktop\MinecraftSP - Shortcut.lnk
2013-11-03 17:22 - 2013-11-03 17:22 - 00010317 _____ C:\Users\talon_000\Desktop\Insaniquarium - Shortcut.lnk
2013-11-03 17:02 - 2013-11-12 10:05 - 00000000 ___RD C:\Users\talon_000\SkyDrive.old
2013-11-03 16:55 - 2013-11-03 16:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-11-03 16:48 - 2013-11-03 16:48 - 00000000 ____D C:\ProgramData\Synaptics
2013-11-03 16:35 - 2013-11-03 16:35 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Macromedia
2013-11-03 15:54 - 2013-11-18 16:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-03 15:54 - 2013-11-03 15:54 - 00000928 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-03 15:50 - 2013-11-03 15:50 - 00001439 _____ C:\Users\talon_000\Desktop\Game - Shortcut.lnk
2013-11-03 15:49 - 2013-11-18 18:34 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2516891730-76361526-1540942176-1001
2013-11-03 15:45 - 2013-11-03 15:45 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\ATI
2013-11-03 15:45 - 2013-11-03 15:45 - 00000000 ____D C:\Users\talon_000\AppData\Local\ATI
2013-11-03 15:43 - 2013-11-19 08:54 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-03 15:43 - 2013-11-18 16:53 - 00002408 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-03 15:43 - 2013-11-18 16:53 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-03 15:43 - 2013-11-03 15:48 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-03 15:43 - 2013-11-03 15:48 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-03 15:43 - 2013-11-03 15:43 - 00000000 ____D C:\Users\talon_000\AppData\Local\Google
2013-11-03 15:43 - 2013-11-03 15:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-03 15:42 - 2013-11-03 15:42 - 00000000 ____D C:\Users\talon_000\AppData\Local\Apps\2.0
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Users\talon_000\AppData\Local\TOSHIBA
2013-11-03 15:39 - 2013-11-03 15:39 - 00011124 _____ C:\Users\talon_000\Desktop\Removed Apps.html
2013-11-03 15:37 - 2013-11-18 08:36 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-03 15:37 - 2013-11-18 08:36 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-03 15:36 - 2013-11-04 08:51 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Adobe
2013-11-03 15:36 - 2013-11-03 15:36 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\WinBatch
2013-11-03 15:35 - 2013-11-03 15:35 - 00000000 ____D C:\Users\talon_000\AppData\Local\VirtualStore
2013-11-03 15:16 - 2013-11-03 15:16 - 00000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2013-11-03 14:47 - 2013-11-03 14:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2013-11-03 14:45 - 2013-11-12 09:15 - 01172293 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-11-03 14:45 - 2013-11-03 14:45 - 00001998 _____ C:\Users\Administrator\AppData\Local\Application.xml
2013-11-03 14:17 - 2013-11-04 09:26 - 00000000 ___HD C:\$SysReset
2013-10-30 14:24 - 2013-10-30 14:24 - 00000000 ____D C:\Users\talon_000\.phet
 
==================== One Month Modified Files and Folders =======
 
2013-11-19 09:27 - 2013-11-19 09:26 - 00017807 _____ C:\Users\talon_000\Desktop\FRST.txt
2013-11-19 09:25 - 2013-11-19 09:25 - 00000000 ____D C:\FRST
2013-11-19 09:24 - 2013-11-19 09:24 - 01957964 _____ (Farbar) C:\Users\talon_000\Desktop\FRST64.exe
2013-11-19 09:23 - 2013-11-12 10:07 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4BD4E91F-9C4A-444F-A87E-181835D00DE2}
2013-11-19 09:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-19 08:54 - 2013-11-03 15:43 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 06:28 - 2013-11-12 09:56 - 01118032 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-18 19:43 - 2013-09-29 21:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-18 19:41 - 2013-08-22 07:46 - 00326148 _____ C:\WINDOWS\setupact.log
2013-11-18 18:34 - 2013-11-03 15:49 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2516891730-76361526-1540942176-1001
2013-11-18 18:04 - 2013-11-18 18:04 - 00688992 _____ (Swearware) C:\Users\talon_000\Desktop\dds.scr
2013-11-18 17:46 - 2013-11-18 17:46 - 00688992 _____ (Swearware) C:\Users\talon_000\Desktop\dds.com
2013-11-18 17:37 - 2013-11-18 17:37 - 00688992 _____ (Swearware) C:\Users\talon_000\Downloads\dds.scr
2013-11-18 17:35 - 2013-11-12 10:05 - 00000000 __RDO C:\Users\talon_000\SkyDrive
2013-11-18 16:53 - 2013-11-03 15:54 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-18 16:53 - 2013-11-03 15:43 - 00002408 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-18 16:53 - 2013-11-03 15:43 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\WINDOWS\LastGood
2013-11-18 16:51 - 2013-09-29 20:55 - 00007670 _____ C:\WINDOWS\PFRO.log
2013-11-18 16:51 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-18 16:43 - 2013-11-18 16:43 - 00001132 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Malwarebytes
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 16:43 - 2013-11-18 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 15:53 - 2013-11-12 09:37 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-11-18 15:39 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-11-18 14:57 - 2013-11-13 15:42 - 00000000 ____D C:\Users\talon_000\AppData\Local\CrashDumps
2013-11-18 13:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2013-11-18 08:36 - 2013-11-03 15:37 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-18 08:36 - 2013-11-03 15:37 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-18 08:29 - 2013-08-22 07:44 - 00421688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-18 08:29 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-11-18 08:27 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-18 08:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-18 08:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-11-18 08:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-11-17 21:44 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-11-17 20:53 - 2013-11-10 18:24 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\.minecraft
2013-11-17 20:13 - 2013-11-17 13:40 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-17 13:42 - 2013-11-17 13:40 - 00000000 ____D C:\ProgramData\eSafe
2013-11-17 13:40 - 2013-08-07 14:11 - 00001617 _____ C:\Users\talon_000\Desktop\Launch Internet Explorer Browser.lnk
2013-11-17 13:39 - 2013-11-12 10:01 - 00001659 _____ C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-16 05:56 - 2012-07-25 22:26 - 00000188 _____ C:\WINDOWS\win.ini
2013-11-16 05:54 - 2013-11-16 05:54 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-11-16 05:53 - 2013-11-04 15:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-16 05:52 - 2013-11-04 15:44 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-15 17:08 - 2013-08-10 15:46 - 00193536 ___SH C:\Users\talon_000\Desktop\Thumbs.db
2013-11-15 17:07 - 2013-11-15 17:07 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2013-11-15 17:07 - 2013-11-15 17:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2013-11-15 17:07 - 2013-11-15 17:07 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2013-11-15 17:07 - 2013-11-15 17:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2013-11-15 17:07 - 2013-11-15 17:07 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2013-11-13 18:59 - 2013-08-07 14:05 - 00000000 ____D C:\Users\talon_000\AppData\Local\Packages
2013-11-13 08:24 - 2013-11-12 10:35 - 00000000 ___DC C:\WINDOWS\Panther
2013-11-12 10:57 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\restore
2013-11-12 10:35 - 2013-11-12 10:35 - 00000000 __SHD C:\Recovery
2013-11-12 10:34 - 2013-08-22 08:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-11-12 10:33 - 2013-11-12 10:33 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-11-12 10:33 - 2013-11-12 10:33 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-11-12 10:33 - 2013-11-12 10:32 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-11-12 10:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Camera
2013-11-12 10:32 - 2013-11-12 10:32 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-11-12 10:32 - 2013-11-12 10:32 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-11-12 10:32 - 2013-11-12 10:32 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files\MSBuild
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-11-12 10:30 - 2013-11-12 10:30 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-12 10:05 - 2013-11-12 10:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2013-11-12 10:05 - 2013-11-12 10:02 - 00000000 ____D C:\Users\talon_000\AppData\Local\PackageStaging
2013-11-12 10:05 - 2013-11-12 09:43 - 00000000 ____D C:\Users\talon_000
2013-11-12 10:05 - 2013-11-03 17:02 - 00000000 ___RD C:\Users\talon_000\SkyDrive.old
2013-11-12 10:02 - 2013-11-12 10:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-11-12 10:00 - 2013-11-12 10:00 - 00000020 ___SH C:\Users\talon_000\ntuser.ini
2013-11-12 10:00 - 2013-11-05 19:23 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2013-11-12 09:56 - 2013-11-12 09:56 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-11-12 09:56 - 2013-11-12 09:43 - 00032388 _____ C:\WINDOWS\diagwrn.xml
2013-11-12 09:56 - 2013-11-12 09:43 - 00032388 _____ C:\WINDOWS\diagerr.xml
2013-11-12 09:56 - 2013-11-12 09:00 - 00006570 _____ C:\WINDOWS\comsetup.log
2013-11-12 09:56 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Registration
2013-11-12 09:53 - 2013-08-22 08:36 - 00000000 __RSD C:\WINDOWS\Media
2013-11-12 09:53 - 2013-08-22 08:36 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-12 09:52 - 2013-11-12 09:43 - 00000000 ____D C:\Users\Administrator
2013-11-12 09:49 - 2013-11-05 18:53 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-11-12 09:49 - 2013-09-29 20:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-11-12 09:49 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2013-11-12 09:49 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-11-12 09:49 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\tr
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\sv
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\sk
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\ru
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\pl
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\no
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\nl
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\it
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\hu
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\fr
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\fi
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\es
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\el
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\de
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\da
2013-11-12 09:49 - 2013-03-17 23:22 - 00000000 ____D C:\WINDOWS\system32\cs
2013-11-12 09:49 - 2013-03-17 23:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2013-11-12 09:49 - 2012-11-14 22:58 - 00000000 ____D C:\WINDOWS\en
2013-11-12 09:47 - 2013-09-29 20:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-11-12 09:47 - 2013-09-29 20:48 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-11-12 09:47 - 2013-08-22 08:37 - 00004893 _____ C:\WINDOWS\DtcInstall.log
2013-11-12 09:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-11-12 09:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-11-12 09:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-11-12 09:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\spool
2013-11-12 09:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-11-12 09:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\IME
2013-11-12 09:47 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-11-12 09:47 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-11-12 09:47 - 2013-03-17 23:16 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2013-11-12 09:47 - 2012-07-25 22:37 - 00000000 ____D C:\Users\Default.migrated
2013-11-12 09:46 - 2013-09-29 20:51 - 00000000 ____D C:\WINDOWS\ShellNew
2013-11-12 09:46 - 2013-08-22 08:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-11-12 09:46 - 2013-08-22 08:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-11-12 09:46 - 2013-08-22 08:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-11-12 09:46 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Help
2013-11-12 09:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-12 09:46 - 2012-11-14 21:40 - 00000000 ____D C:\ProgramData\PRICache
2013-11-12 09:45 - 2013-11-12 09:45 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-11-12 09:45 - 2013-11-12 09:43 - 00000000 ___RD C:\Users\talon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-12 09:45 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-11-12 09:44 - 2013-11-12 09:43 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-12 09:44 - 2012-11-14 21:40 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-12 09:44 - 2012-11-14 21:40 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-12 09:44 - 2012-11-14 21:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2013-11-12 09:38 - 2013-11-12 09:38 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2013-11-12 09:38 - 2013-11-12 09:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-11-12 09:38 - 2013-11-12 09:38 - 00000000 ____D C:\Program Files\Synaptics
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 ____D C:\Program Files\Realtek
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 ____D C:\Program Files\AMD
2013-11-12 09:37 - 2013-11-12 09:37 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2013-11-12 09:36 - 2013-08-22 06:36 - 00000000 __RHD C:\Users\Default
2013-11-12 09:15 - 2013-11-03 14:45 - 01172293 _____ C:\WINDOWS\WindowsUpdate (1).log
2013-11-12 08:46 - 2012-07-26 01:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-11-10 18:22 - 2013-11-10 18:22 - 00000000 ____D C:\ProgramData\Sun
2013-11-10 18:22 - 2013-11-10 18:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-10 18:20 - 2013-11-10 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\talon_000\Downloads\chromeinstall-7u45.exe
2013-11-10 09:43 - 2013-11-05 19:22 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2013-11-06 16:11 - 2013-11-05 19:23 - 00177312 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2013-11-06 16:11 - 2013-11-05 19:23 - 00007631 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2013-11-05 19:29 - 2012-11-14 22:27 - 00000000 ____D C:\ProgramData\Norton
2013-11-05 19:23 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files\Symantec
2013-11-05 19:23 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-05 19:22 - 2013-11-05 19:22 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-05 19:21 - 2013-11-05 18:53 - 00001285 _____ C:\Users\talon_000\Desktop\Norton Installation Files.lnk
2013-11-05 16:31 - 2013-08-22 08:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-05 16:31 - 2013-08-22 08:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 13:21 - 2013-11-16 02:44 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-05 11:51 - 2013-11-16 02:44 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-05 09:20 - 2013-11-16 02:44 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-05 09:11 - 2013-11-16 02:44 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-05 08:58 - 2013-11-03 18:25 - 00000976 _____ C:\Users\talon_000\Desktop\EXCEL - Shortcut.lnk
2013-11-05 08:58 - 2013-11-03 18:23 - 00000988 _____ C:\Users\talon_000\Desktop\WINWORD - Shortcut.lnk
2013-11-05 07:30 - 2013-11-16 02:44 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-05 07:29 - 2013-11-16 02:44 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-04 16:01 - 2013-11-04 16:01 - 00000222 _____ C:\Users\talon_000\Desktop\Scribblenauts Unlimited.url
2013-11-04 09:26 - 2013-11-03 14:17 - 00000000 ___HD C:\$SysReset
2013-11-04 09:20 - 2013-11-04 09:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-11-04 08:56 - 2012-11-14 22:25 - 00000000 ____D C:\ProgramData\Adobe
2013-11-04 08:51 - 2013-11-04 08:51 - 00000000 ____D C:\Users\talon_000\AppData\Local\Adobe
2013-11-04 08:51 - 2013-11-03 15:36 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Adobe
2013-11-03 19:38 - 2013-11-03 19:38 - 00000219 _____ C:\Users\talon_000\Desktop\Portal 2.url
2013-11-03 19:30 - 2013-11-03 19:30 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\3909
2013-11-03 19:29 - 2013-11-03 19:29 - 00000222 _____ C:\Users\talon_000\Desktop\Papers, Please.url
2013-11-03 18:30 - 2013-11-03 18:30 - 00000190 _____ C:\Users\talon_000\Desktop\Gunpoint.url
2013-11-03 18:20 - 2013-11-03 18:20 - 00000376 _____ C:\WINDOWS\ODBC.INI
2013-11-03 18:19 - 2013-11-03 18:19 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-11-03 18:19 - 2013-11-03 18:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-03 17:23 - 2013-11-03 17:23 - 00010226 _____ C:\Users\talon_000\Desktop\GHScrabble - Shortcut.lnk
2013-11-03 17:23 - 2013-11-03 17:23 - 00008395 _____ C:\Users\talon_000\Desktop\MinecraftSP - Shortcut.lnk
2013-11-03 17:22 - 2013-11-03 17:22 - 00010317 _____ C:\Users\talon_000\Desktop\Insaniquarium - Shortcut.lnk
2013-11-03 16:55 - 2013-11-03 16:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-11-03 16:55 - 2012-11-14 22:30 - 00000000 ____D C:\Program Files (x86)\Toshiba
2013-11-03 16:48 - 2013-11-03 16:48 - 00000000 ____D C:\ProgramData\Synaptics
2013-11-03 16:35 - 2013-11-03 16:35 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\Macromedia
2013-11-03 15:58 - 2012-11-14 22:35 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-11-03 15:57 - 2012-11-14 22:35 - 00000000 ____D C:\ProgramData\WildTangent
2013-11-03 15:54 - 2013-11-03 15:54 - 00000928 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-03 15:50 - 2013-11-03 15:50 - 00001439 _____ C:\Users\talon_000\Desktop\Game - Shortcut.lnk
2013-11-03 15:50 - 2013-08-14 07:30 - 00000000 ____D C:\Users\talon_000\Downloads\PokemonFusionGeneration
2013-11-03 15:48 - 2013-11-03 15:43 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-03 15:48 - 2013-11-03 15:43 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-03 15:45 - 2013-11-03 15:45 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\ATI
2013-11-03 15:45 - 2013-11-03 15:45 - 00000000 ____D C:\Users\talon_000\AppData\Local\ATI
2013-11-03 15:43 - 2013-11-03 15:43 - 00000000 ____D C:\Users\talon_000\AppData\Local\Google
2013-11-03 15:43 - 2013-11-03 15:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-03 15:42 - 2013-11-03 15:42 - 00000000 ____D C:\Users\talon_000\AppData\Local\Apps\2.0
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Users\talon_000\AppData\Local\TOSHIBA
2013-11-03 15:39 - 2013-11-03 15:39 - 00011124 _____ C:\Users\talon_000\Desktop\Removed Apps.html
2013-11-03 15:37 - 2012-11-14 22:32 - 00000000 ____D C:\ProgramData\Toshiba
2013-11-03 15:36 - 2013-11-03 15:36 - 00000000 ____D C:\Users\talon_000\AppData\Roaming\WinBatch
2013-11-03 15:35 - 2013-11-03 15:35 - 00000000 ____D C:\Users\talon_000\AppData\Local\VirtualStore
2013-11-03 15:16 - 2013-11-03 15:16 - 00000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2013-11-03 14:48 - 2013-11-03 14:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2013-11-03 14:45 - 2013-11-03 14:45 - 00001998 _____ C:\Users\Administrator\AppData\Local\Application.xml
2013-10-30 14:24 - 2013-10-30 14:24 - 00000000 ____D C:\Users\talon_000\.phet
2013-10-28 08:51 - 2013-08-29 19:48 - 00000000 ____D C:\Users\talon_000\Documents\Connexus
2013-10-23 04:29 - 2013-11-16 02:48 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2013-10-23 04:21 - 2013-11-16 02:48 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-10-23 04:13 - 2013-11-16 02:48 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2013-10-22 22:27 - 2013-11-16 02:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-22 22:09 - 2013-11-16 02:48 - 04104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-10-22 22:04 - 2013-11-16 02:48 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-10-22 21:55 - 2013-11-16 02:48 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-10-22 21:46 - 2013-11-16 02:48 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-10-22 01:18 - 2013-11-16 02:48 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-10-22 00:55 - 2013-11-16 02:48 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-10-21 23:03 - 2013-11-16 02:48 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-10-21 22:15 - 2013-11-16 02:48 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2013-10-21 21:04 - 2013-11-16 02:48 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2013-10-21 21:02 - 2013-11-16 02:48 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-10-21 20:56 - 2013-11-16 02:48 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2013-10-21 20:44 - 2013-11-16 02:48 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2013-10-21 19:38 - 2013-11-16 02:48 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2013-10-21 19:22 - 2013-11-16 02:48 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-10-21 19:13 - 2013-11-16 02:48 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-10-21 19:07 - 2013-11-16 02:48 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-10-21 18:53 - 2013-11-16 02:48 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2013-10-21 18:47 - 2013-11-16 02:48 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
 
Some content of TEMP:
====================
C:\Users\talon_000\AppData\Local\Temp\BackupSetup.exe
C:\Users\talon_000\AppData\Local\Temp\i4jdel0.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-11-16 02:48] - [2013-10-22 00:55] - 2328872 ____A (Microsoft Corporation) 63DC38C3E4564B2405D562855643ABA2
 
C:\Windows\SysWOW64\explorer.exe
[2013-11-16 02:48] - [2013-10-21 23:03] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-11-16 02:48] - [2013-10-21 19:38] - 1362944 ____A (Microsoft Corporation) C72456BFFE941714CF05B0AA0BEE5B45
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-12 09:36
 
==================== End Of Log ============================
 

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it in the same directory as FRST.exe as fixlist.txt.

 

C:\Users\talon_000\AppData\Local\Temp\i4jdel0.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt). Please post it in your reply.

Reboot Normally.


Ran the frst64 and rebooted. Browser still opens to hijacked portal page. Here is the log.

 

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013

Ran by talon_000 at 2013-11-20 09:31:36 Run:1
Running from C:\Users\talon_000\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\talon_000\AppData\Local\Temp\i4jdel0.exe
 
*****************
 
C:\Users\talon_000\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
 
==== End of Fixlog ====

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

My mistake. Sorry!

Step 1

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • In your next reply, post the following log files:
    • Malwarebytes' Anti-Rootkit log
    • TDSSKiller log

mbar ran and found no malware......running second step now.

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.11.20.10

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16438

talon_000 :: TALON-TOSH [administrator]

 

11/20/2013 11:02:36 AM

mbar-log-2013-11-20 (11-02-36).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 245253

Time elapsed: 8 minute(s), 51 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.16438

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.695000 GHz

Memory total: 5870194688, free: 3799007232

 

Downloaded database version: v2013.11.20.10

Downloaded database version: v2013.10.11.02

Initializing...

======================

------------ Kernel report ------------

     11/20/2013 11:02:29

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kd.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\System32\drivers\werkernel.sys

\SystemRoot\System32\drivers\CLFS.SYS

\SystemRoot\System32\drivers\tm.sys

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\acpiex.sys

\SystemRoot\System32\Drivers\WppRecorder.sys

\SystemRoot\System32\drivers\ACPI.sys

\SystemRoot\System32\drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\msisadrv.sys

\SystemRoot\System32\drivers\pci.sys

\SystemRoot\System32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pdc.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\System32\drivers\spaceport.sys

\SystemRoot\System32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\System32\drivers\storahci.sys

\SystemRoot\System32\drivers\storport.sys

\SystemRoot\System32\drivers\EhStorClass.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\NISx64\1404000.028\SYMDS64.SYS

\SystemRoot\System32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wfplwfs.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\System32\drivers\volsnap.sys

\SystemRoot\System32\drivers\tos_sps64.sys

\SystemRoot\system32\DRIVERS\THAccel.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\intelpep.sys

\SystemRoot\System32\drivers\disk.sys

\SystemRoot\System32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\drivers\cdrom.sys

\SystemRoot\system32\drivers\NISx64\1404000.028\ccSetx64.sys

\SystemRoot\system32\drivers\NISx64\1404000.028\Ironx64.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\BasicRender.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\System32\drivers\BasicDisplay.sys

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS

\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS

\SystemRoot\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\drivers\npsvctrig.sys

\SystemRoot\System32\drivers\mssmbios.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20131119.001\IDSvia64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\Drivers\dfsc.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys

\SystemRoot\system32\DRIVERS\ahcache.sys

\SystemRoot\System32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\kdnic.sys

\SystemRoot\System32\drivers\umbus.sys

\SystemRoot\System32\drivers\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\L1C63x64.sys

\SystemRoot\system32\DRIVERS\rtwlane.sys

\SystemRoot\System32\drivers\vwifibus.sys

\SystemRoot\System32\drivers\USBXHCI.SYS

\SystemRoot\System32\drivers\ucx01000.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\System32\drivers\usbohci.sys

\SystemRoot\System32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\System32\drivers\usbehci.sys

\SystemRoot\System32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\drivers\kbdclass.sys

\SystemRoot\System32\drivers\mouclass.sys

\SystemRoot\System32\drivers\CmBatt.sys

\SystemRoot\System32\drivers\BATTC.SYS

\SystemRoot\System32\drivers\sdbus.sys

\SystemRoot\System32\drivers\wmiacpi.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\drivers\FwLnk.sys

\SystemRoot\System32\drivers\TVALZ_O.SYS

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\System32\drivers\NdisVirtualBus.sys

\SystemRoot\System32\drivers\swenum.sys

\SystemRoot\System32\drivers\ks.sys

\SystemRoot\System32\drivers\rdpbus.sys

\SystemRoot\System32\drivers\usbhub.sys

\SystemRoot\system32\drivers\AtihdW86.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\drivers\UsbHub3.sys

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\System32\drivers\Thotkey.sys

\SystemRoot\System32\drivers\mshidkmdf.sys

\SystemRoot\System32\drivers\HIDCLASS.SYS

\SystemRoot\System32\drivers\HIDPARSE.SYS

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_storahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\RtsUVStor.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\drivers\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\drivers\Ndu.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\System32\drivers\WSDPrint.sys

\SystemRoot\System32\drivers\umpass.sys

\SystemRoot\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131119.001\EX64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20131119.001\ENG64.SYS

\SystemRoot\System32\drivers\condrv.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffe0000154a060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\00000029\

Lower Device Object: 0xffffe00001471060

Lower Device Driver Name: \Driver\storahci\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffe0000154a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffe0000154ab20, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffe0000154a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffe0000154dbb0, DeviceName: Unknown, DriverName: \Driver\THAccel\

DevicePointer: 0xffffe00001471060, DeviceName: \Device\00000029\, DriverName: \Driver\storahci\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes


Read File: File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)

Read File: File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 0

 

GPT Protective MBR Partition information:

 

    Partition 0 type is EFI-GPT (0xee)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1  Numsec = 4294967295

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

GPT Partition information:

 

    GPT Header Signature 4546492050415254

    GPT Header Revision 65536 Size 92 CRC 2239355100

    GPT Header CurrentLba = 1 BackupLba 1250263727

    GPT Header FirstUsableLba 34  LastUsableLba 1250263694

    GPT Header Guid 3df11331-f622-45d9-aa6e-11e4b49e2617

    GPT Header Contains 128 partition entries starting at LBA 2

    GPT Header Partition entry size = 128

 

    Backup GPT header Signature 4546492050415254

    Backup GPT header Revision 65536 Size 92 CRC 2239355100

    Backup GPT header CurrentLba = 1250263727 BackupLba 1

    Backup GPT header FirstUsableLba 34  LastUsableLba 1250263694

    Backup GPT header Guid 3df11331-f622-45d9-aa6e-11e4b49e2617

    Backup GPT header Contains 128 partition entries starting at LBA 1250263695

    Backup GPT header Partition entry size = 128

 

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 8e917c5e-40b0-11e2-88a4-99bcbb13602d

    FirstLBA 2048  Last LBA 923647

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

    Partition ID 8e917c64-40b0-11e2-88a4-99bcbb13602d

    FirstLBA 923648  Last LBA 1456127

    Attributes 0

    Partition Name                 Basic data partition

 

    GPT Partition 1 is bootable

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

    Partition ID 8e917c66-40b0-11e2-88a4-99bcbb13602d

    FirstLBA 1456128  Last LBA 1718271

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

    Partition ID 8e917c6e-40b0-11e2-88a4-99bcbb13602d

    FirstLBA 1718272  Last LBA 1227741183

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 428ad235-8a40-484d-b031-28c4f6e5e92c

    FirstLBA 1227741184  Last LBA 1228457983

    Attributes 1

    Partition Name                                     

 

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 6bf04d9e-657a-478b-97c-a68e11964e76

    FirstLBA 1228457984  Last LBA 1250263039

    Attributes 1

    Partition Name                 Basic data partition

 

Disk Size: 640135028736 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

 


tdsskiller...........no threats found.

My husband wanted to try and fix this and tells me he ran an adware cleaner program. I did not know that till we talked just now. I assume that is why there is no malware found. I wish he had waited as I trust this forum and had already been getting help. Not sure how to proceed now. Please advise and I apologize for the lack of communication on our part.


Let's check:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

If this looks okay I only have one more question. Would the professional version of Malwarebytes have stopped this?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by talon_000 on Thu 11/21/2013 at 20:06:13.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/21/2013 at 20:11:12.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Looks fine. Yes, the PRO version can stop them.

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Please manually delete FRST and Malwarebytes' Anti-Rootkit.

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.