Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack


  • This topic is locked This topic is locked
27 replies to this topic

#1 FangByte

FangByte

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 03 October 2012 - 11:31 AM

Hello, Recently my browsers have been acting up more specficly Internet Explorer and Firefox (Maybe chrome but I have yet to to check it do to mass amount of tabs). I downloaded a program called ConverterLite, which I thought was safe, because it was the first thing i found for a converter in a AD on google and also the top search. After downloading I used Internet Explorer and noticed my Google searches were being hijacked, I deleated ConverterLite (But there might be another program installed by it, it was suppose to help orphans, homeless or something I don't remember.) after Deleating ConverterLite I restored it to an older point before I installed the program but that only made it that the hijacking only made changing addresses slower for a certain time, then everything would run normally. I did a a Full Scan with Nortan and Malwarebytes, and checked my Taskmanager, Norton Found nothing, Nothing strange was in my Taskmanager I checked pretty much all the programs, But Malwarebytes found a few files I'm not sure are actually virsues but might be infected and quarntined them. One file named caocyhen.dll would be blocked after restarting my computer or randomly during the day by Malwarebytes, it would quarntine it, but it would just keep popping back out, so i used File Assassin to remove it, it was in a Game Demo folder, saying it was an Itunes Helper which really makes no sense. then my RunDll showed an error saying it could not find it, so i fixed that registry error. but now the hijacking is getting worse, it no longers takes over my searches, but will make another Browser window pop-up, and still slows down my browser, so i used Combofix, but that only fixed a few things.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Brandon at 11:39:29 on 2012-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3088 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\lxdecoms.exe
C:\Data\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe
C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Data\Malwarebytes' Anti-Malware\mbam.exe
C:\Data\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Data\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: CorePluginIEBHO Class: {13fa2453-9287-4f18-8554-976d7c02f4ee} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: En&queue current page with BID - file://C:\Data\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://C:\Data\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://C:\Data\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://C:\Data\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://C:\Data\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{17E8219D-EBF0-4E52-85E2-4F6DCF7EF2AD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{17E8219D-EBF0-4E52-85E2-4F6DCF7EF2AD}\36F6478656273747F6E656 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: CorePluginIEBHO Class: {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll
BHO-X64: CorePluginIEBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\scxeqvga.default\
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-11 8704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121002.001\IDSviA64.sys [2012-10-3 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-9-2 90112]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-2-18 294912]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 lxde_device;lxde_device;C:\Windows\system32\lxdecoms.exe -service --> C:\Windows\system32\lxdecoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Data\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 399432]
R2 MBAMService;MBAMService;C:\Data\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 676936]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2011-5-16 36864]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdeserv.exe [2007-5-29 33712]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250288]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-3-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-9 79360]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-12-27 131912]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-20 1431888]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-29 114144]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-03 15:37:28 98816 ----a-w- C:\Windows\sed.exe
2012-10-03 15:37:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-10-03 15:37:28 256000 ----a-w- C:\Windows\PEV.exe
2012-10-03 15:37:28 208896 ----a-w- C:\Windows\MBR.exe
2012-10-03 15:17:18 -------- d-----w- C:\Users\Brandon\AppData\Local\{4B3ECAFB-AE53-4438-A269-5428BD844523}
2012-10-02 16:44:09 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F1DE7167-E0D2-4228-B712-58B0CAD866A6}\gapaengine.dll
2012-10-02 16:44:06 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1ED8E471-CABC-48DB-8D3E-6BE2C7168614}\mpengine.dll
2012-10-02 16:41:21 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-02 16:41:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-02 16:22:51 -------- d-----w- C:\Users\Brandon\AppData\Local\{5FE7D644-09A6-4085-B7C5-448661542FF7}
2012-10-01 16:16:49 -------- d-----w- C:\Users\Brandon\AppData\Local\{2BC93B65-B3FA-4C71-82D2-5E8D3EB3E85A}
2012-09-30 15:37:13 -------- d-----w- C:\Users\Brandon\AppData\Local\{2DA9C663-0D23-4FC7-9D75-59313B6F0D98}
2012-09-29 14:44:01 -------- d-----w- C:\Users\Brandon\AppData\Local\{6E88697D-9E08-450B-B8C9-361DC67CE2EA}
2012-09-28 15:57:37 -------- d-----w- C:\Users\Brandon\AppData\Local\{2197A611-80BA-4A87-AB0A-0E1AB0D07C83}
2012-09-27 16:06:22 -------- d-----w- C:\Users\Brandon\AppData\Local\{BED89652-84B3-4097-B348-3ABFC46304D0}
2012-09-27 00:43:37 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2012-09-27 00:43:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-27 00:43:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-26 16:36:33 -------- d-----w- C:\Users\Brandon\AppData\Local\{71C2502E-3B68-4E78-B045-0DABA824748F}
2012-09-25 22:57:02 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 22:49:24 -------- d-----w- C:\Users\Brandon\AppData\Local\{45EDFBB3-5160-4302-9D11-17E2CFA4F6D4}
2012-09-25 15:27:08 -------- d-----w- C:\Users\Brandon\AppData\Local\{B599559A-FC03-42B6-A183-3C9A41106EF6}
2012-09-24 14:00:01 -------- d-----w- C:\Users\Brandon\AppData\Local\{86587E7B-0BE9-4D00-8136-A0AC6D0311E0}
2012-09-24 01:34:18 -------- d-----w- C:\Users\Brandon\AppData\Local\{6EFEB90A-C5CD-4B9E-AB25-4791244E4808}
2012-09-22 13:59:02 -------- d-----w- C:\Users\Brandon\AppData\Local\{7F934874-B25B-4526-A946-3470638FA056}
2012-09-21 14:51:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{FDCCE760-F80B-4AA7-B9AF-D2BDB7B9C7F1}
2012-09-20 15:23:30 -------- d-----w- C:\Users\Brandon\AppData\Local\{D26255C3-A32B-464B-A883-C414FF5F75BF}
2012-09-19 14:39:32 -------- d-----w- C:\Users\Brandon\AppData\Local\{7E0B615F-271A-49FF-95AF-CF42D1EDB5FF}
2012-09-18 14:28:31 -------- d-----w- C:\Users\Brandon\AppData\Local\{8A4AD2CF-9303-41B5-B939-33225735D46A}
2012-09-17 14:41:08 -------- d-----w- C:\Users\Brandon\AppData\Local\{3B6E0E96-2D63-40AA-979F-F8676B6DE36E}
2012-09-16 16:08:53 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-16 15:29:17 -------- d-----w- C:\Users\Brandon\AppData\Local\{CE08C683-8D47-4777-BC25-48432D0E82CA}
2012-09-15 18:34:44 -------- d-----w- C:\Users\Brandon\AppData\Local\{FB01A2BF-EDDA-466D-8C21-95F610303AEC}
2012-09-14 17:11:58 -------- d-----w- C:\Users\Brandon\AppData\Local\{C1E3D638-5DBD-457C-9A5E-0A4319103819}
2012-09-13 16:29:02 -------- d-----w- C:\Users\Brandon\AppData\Local\{FF1FA700-2E76-4E32-9AE4-5A659337BF68}
2012-09-12 16:14:56 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 16:14:56 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 16:14:54 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 16:14:54 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 16:14:51 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 16:14:50 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 16:14:50 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 16:07:38 -------- d-----w- C:\Users\Brandon\AppData\Local\{D15ABC26-59BE-4EDB-9477-D2C6DB47E700}
2012-09-11 15:40:31 -------- d-----w- C:\Users\Brandon\AppData\Local\{DF16BF8B-AF7E-4549-965C-12F9332F7991}
2012-09-10 14:55:03 -------- d-----w- C:\Users\Brandon\AppData\Local\{40C6B177-AC30-4805-9246-8BBE4D79B04C}
2012-09-09 16:51:37 -------- d-----w- C:\Users\Brandon\AppData\Local\{50428F55-8A82-4644-8A8D-1F4D13C2A4BD}
2012-09-08 11:37:15 -------- d-----w- C:\Users\Brandon\AppData\Local\{66CCC9AC-C85C-4243-9137-8518B61F09A4}
2012-09-07 15:59:09 -------- d-----w- C:\Users\Brandon\AppData\Local\{CE017A08-20B8-4916-B72C-6059B356E62E}
2012-09-06 16:45:45 -------- d-----w- C:\Users\Brandon\AppData\Local\{B0BED24C-9526-4B4E-9B4E-7DFF1CDD3C16}
2012-09-05 16:33:32 -------- d-----w- C:\Users\Brandon\AppData\Local\{F52FC5F8-5DB2-4520-9AA3-7B9377386B05}
2012-09-04 15:47:39 -------- d-----w- C:\Users\Brandon\AppData\Local\{7E809D06-5779-47CA-80C4-0100667F9546}
.
==================== Find3M ====================
.
2012-09-20 19:12:38 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 19:12:38 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-11 22:05:30 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-26 18:45:37 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-26 18:45:33 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-26 18:45:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-13 19:32:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-13 19:32:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-13 19:31:51 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-31 23:11:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 03:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 03:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 03:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 03:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 03:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 03:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
.
============= FINISH: 11:40:10.26 ===============


Combofix

ComboFix 12-10-03.03 - Brandon 10/03/2012 10:39:17.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4226 [GMT -5:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
.
.
2012-10-03 15:53 . 2012-10-03 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 16:44 . 2012-10-02 16:43 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1DE7167-E0D2-4228-B712-58B0CAD866A6}\gapaengine.dll
2012-10-02 16:44 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ED8E471-CABC-48DB-8D3E-6BE2C7168614}\mpengine.dll
2012-10-02 16:41 . 2012-10-02 16:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-02 16:41 . 2012-10-02 16:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-27 00:43 . 2012-09-27 00:43 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
2012-09-27 00:43 . 2012-09-27 00:43 -------- d-----w- c:\programdata\Malwarebytes
2012-09-27 00:43 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:57 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 21:07 . 2012-09-22 21:08 -------- d-----w- c:\users\Brandon\AppData\Roaming\ImgBurn
2012-09-19 06:27 . 2012-09-19 06:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-16 16:08 . 2012-09-16 16:08 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-12 16:14 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 16:14 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:14 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 16:14 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:14 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:14 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 16:14 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 19:12 . 2012-03-29 15:46 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 19:12 . 2011-05-19 20:31 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 06:59 . 2010-05-24 21:32 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-11 22:05 . 2012-03-22 23:09 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-26 18:45 . 2012-08-26 18:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-26 18:45 . 2012-08-26 18:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-26 18:45 . 2010-09-13 04:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-13 19:32 . 2010-09-14 03:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-13 19:32 . 2010-09-14 03:13 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-13 19:31 . 2010-09-14 03:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-31 23:11 . 2010-09-14 03:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2010-07-07 01:15 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-07-18 18:15 . 2012-08-15 16:21 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-16 08:08 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-11 1353080]
"Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-03-01 180224]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-3-2 2845552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe [2007-05-29 33712]
R2 MBAMService;MBAMService;c:\data\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-03-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-09 79360]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-27 131912]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-20 1431888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-09-11 121416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-16 114144]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2010-12-15 51776]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 13280]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
R3 X6va003;X6va003;c:\users\Brandon\AppData\Local\Temp\003F9AE.tmp [x]
R3 X6va005;X6va005;c:\users\Brandon\AppData\Local\Temp\0058EB2.tmp [x]
R3 X6va006;X6va006;c:\users\Brandon\AppData\Local\Temp\0067E15.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-02 834544]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121002.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 1053104]
S2 MBAMScheduler;MBAMScheduler;c:\data\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:12]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231389576-273949626-629909735-1000Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 13:45]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231389576-273949626-629909735-1000UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 13:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdemon.exe"="c:\program files (x86)\Lexmark 4800 Series\lxdemon.exe" [2010-02-15 455336]
"lxdeamon"="c:\program files (x86)\Lexmark 4800 Series\lxdeamon.exe" [2010-02-15 25256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: En&queue current page with BID - file://c:\data\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\data\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\data\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\data\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\data\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\scxeqvga.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-0E1FCADF-7BF7-4AAF-B244-845BE4B51B5C_is1 - c:\data\RTE Capture\unins000.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Adventure Maker v4.4.0_is1 - c:\data\Adventure Maker v4.4.0\unins000.exe
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-PoE:2 - c:\program files (x86)\steam\steamapps\common\battlefield 2\mods\poe2\uninstall.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1 - c:\data\War Inc Battlezone\unins000.exe
AddRemove-World in Conflict MW Mod 2.0 Open Beta R8 - c:\users\Public\Documents\World in Conflict\Mods\MW Mod 2.0 Open Beta Uninstall
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Brandon\AppData\Local\Temp\003F9AE.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Brandon\AppData\Local\Temp\0058EB2.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Brandon\AppData\Local\Temp\0067E15.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1e,ca,ec,41,45,d7,0d,6a,8a,09,40,4e,e0,90,bc,22,8c,98,47,a4,e8,d4,3e,
06,cc,7f,2e,8d,d6,76,77,49,91,5e,11,be,ca,a3,17,ce,68,db,83,3b,cf,c5,d5,b1,\
"??"=hex:e2,e3,69,ea,1b,a0,36,b1,7d,8f,6a,56,07,c3,96,b8
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\SecuROM\License information*]
"datasecu"=hex:50,73,e2,49,8a,da,ce,c4,5d,a0,1e,6d,f2,42,2a,c6,68,03,3d,71,18,
d6,5b,6e,a6,f2,6b,4f,b6,78,03,64,85,64,2f,34,d9,7c,4c,68,90,99,96,ce,5a,83,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-03 10:57:53
ComboFix-quarantined-files.txt 2012-10-03 15:57
.
Pre-Run: 86,963,068,928 bytes free
Post-Run: 86,434,783,232 bytes free
.
- - End Of File - - 7C04055EEC8CA36461E955EEB5AD6A2A


I'm really don't know what to do I have fixed problams liked this before, but this one just won't go away.
Anyhelp would be appreciated.
Thank You.

Attached Files


Edited by FangByte, 04 October 2012 - 11:10 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 03 October 2012 - 03:18 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 FangByte

FangByte
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 04 October 2012 - 10:54 AM

Thank You for Helping me Gringo it's really appericated.
Also recently now when I open a link, Secruity Alert pops up asking if i want to leave the page, after the page I was on finishes loading, It wants to take me to another address one I do not want to go to.


Here are the logs you wanted.

Security Check
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Microsoft Security Essentials
Norton Security Suite
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 6
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


AdwCleaner

# AdwCleaner v2.003 - Logfile created 10/04/2012 at 10:30:39
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Brandon - BRANDON-PC
# Boot Mode : Normal
# Running from : C:\Users\Brandon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\scxeqvga.default\prefs.js

C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\scxeqvga.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1686 octets] - [04/10/2012 10:30:39]

########## EOF - C:\AdwCleaner[S1].txt - [1746 octets] ##########



RogueKiller

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brandon [Admin rights]
Mode : Scan -- Date : 10/04/2012 10:44:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] e9c53b5ee06e020224d45d0bf26d292a
[BSP] 7bda42e72dee3eb95bb6ed911bd35e06 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Edited by FangByte, 04 October 2012 - 10:55 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 04 October 2012 - 02:21 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 FangByte

FangByte
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 04 October 2012 - 11:54 PM

Here is the recent Combofix Log

ComboFix 12-10-03.03 - Brandon 10/04/2012 23:25:21.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3931 [GMT -5:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 04:47 . 2012-10-05 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 01:38 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C479FB31-67AC-464E-A88A-2C1B455A8F11}\mpengine.dll
2012-10-02 16:44 . 2012-10-02 16:43 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1DE7167-E0D2-4228-B712-58B0CAD866A6}\gapaengine.dll
2012-10-02 16:44 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-02 16:41 . 2012-10-02 16:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-02 16:41 . 2012-10-02 16:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-27 00:43 . 2012-09-27 00:43 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
2012-09-27 00:43 . 2012-09-27 00:43 -------- d-----w- c:\programdata\Malwarebytes
2012-09-27 00:43 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:57 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 21:07 . 2012-09-22 21:08 -------- d-----w- c:\users\Brandon\AppData\Roaming\ImgBurn
2012-09-19 06:27 . 2012-09-19 06:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-16 16:08 . 2012-09-16 16:08 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-12 16:14 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 16:14 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:14 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 16:14 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:14 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:14 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 16:14 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 19:12 . 2012-03-29 15:46 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 19:12 . 2011-05-19 20:31 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 06:59 . 2010-05-24 21:32 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-11 22:05 . 2012-03-22 23:09 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-26 18:45 . 2012-08-26 18:45 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-26 18:45 . 2012-08-26 18:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-26 18:45 . 2010-09-13 04:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-13 19:32 . 2010-09-14 03:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-13 19:32 . 2010-09-14 03:13 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-13 19:31 . 2010-09-14 03:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-31 23:11 . 2010-09-14 03:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2010-07-07 01:15 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-07-18 18:15 . 2012-08-15 16:21 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-11 1353080]
"Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-03-01 180224]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-3-2 2845552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe [2007-05-29 33712]
R2 MBAMService;MBAMService;c:\data\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-03-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-09 79360]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-27 131912]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-20 1431888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-09-11 121416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-16 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2010-12-15 51776]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 13280]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
R3 X6va003;X6va003;c:\users\Brandon\AppData\Local\Temp\003F9AE.tmp [x]
R3 X6va005;X6va005;c:\users\Brandon\AppData\Local\Temp\0058EB2.tmp [x]
R3 X6va006;X6va006;c:\users\Brandon\AppData\Local\Temp\0067E15.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-02 834544]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121003.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-02-18 294912]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 1053104]
S2 MBAMScheduler;MBAMScheduler;c:\data\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:12]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231389576-273949626-629909735-1000Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 13:45]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231389576-273949626-629909735-1000UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 13:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdemon.exe"="c:\program files (x86)\Lexmark 4800 Series\lxdemon.exe" [2010-02-15 455336]
"lxdeamon"="c:\program files (x86)\Lexmark 4800 Series\lxdeamon.exe" [2010-02-15 25256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: En&queue current page with BID - file://c:\data\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\data\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\data\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\data\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\data\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\scxeqvga.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-0E1FCADF-7BF7-4AAF-B244-845BE4B51B5C_is1 - c:\data\RTE Capture\unins000.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Adventure Maker v4.4.0_is1 - c:\data\Adventure Maker v4.4.0\unins000.exe
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-PoE:2 - c:\program files (x86)\steam\steamapps\common\battlefield 2\mods\poe2\uninstall.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1 - c:\data\War Inc Battlezone\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Brandon\AppData\Local\Temp\003F9AE.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Brandon\AppData\Local\Temp\0058EB2.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Brandon\AppData\Local\Temp\0067E15.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1e,ca,ec,41,45,d7,0d,6a,8a,09,40,4e,e0,90,bc,22,8c,98,47,a4,e8,d4,3e,
06,cc,7f,2e,8d,d6,76,77,49,91,5e,11,be,ca,a3,17,ce,68,db,83,3b,cf,c5,d5,b1,\
"??"=hex:e2,e3,69,ea,1b,a0,36,b1,7d,8f,6a,56,07,c3,96,b8
.
[HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\SecuROM\License information*]
"datasecu"=hex:50,73,e2,49,8a,da,ce,c4,5d,a0,1e,6d,f2,42,2a,c6,68,03,3d,71,18,
d6,5b,6e,a6,f2,6b,4f,b6,78,03,64,85,64,2f,34,d9,7c,4c,68,90,99,96,ce,5a,83,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-04 23:51:02
ComboFix-quarantined-files.txt 2012-10-05 04:51
ComboFix2.txt 2012-10-03 15:57
.
Pre-Run: 101,973,512,192 bytes free
Post-Run: 100,944,478,208 bytes free
.
- - End Of File - - 611A4048E3CB0D90D6E933038BE048AB


I had no problems with Combofix

Nothing has changed IE still takes a tremndious amount of time doing anything, changing pages/addresses, loading videos, etc, and i still get secruity alerts for almost every page saying i'm about to leave a secure connection each time.

Edited by FangByte, 05 October 2012 - 12:00 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 04 October 2012 - 11:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 FangByte

FangByte
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 05 October 2012 - 11:31 AM

TDSSKiller Log

10:00:19.0053 1192 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:00:19.0683 1192 ============================================================
10:00:19.0683 1192 Current date / time: 2012/10/05 10:00:19.0683
10:00:19.0683 1192 SystemInfo:
10:00:19.0683 1192
10:00:19.0683 1192 OS Version: 6.1.7601 ServicePack: 1.0
10:00:19.0683 1192 Product type: Workstation
10:00:19.0683 1192 ComputerName: BRANDON-PC
10:00:19.0683 1192 UserName: Brandon
10:00:19.0683 1192 Windows directory: C:\Windows
10:00:19.0683 1192 System windows directory: C:\Windows
10:00:19.0683 1192 Running under WOW64
10:00:19.0683 1192 Processor architecture: Intel x64
10:00:19.0683 1192 Number of processors: 8
10:00:19.0683 1192 Page size: 0x1000
10:00:19.0683 1192 Boot type: Normal boot
10:00:19.0683 1192 ============================================================
10:00:21.0196 1192 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:00:21.0196 1192 ============================================================
10:00:21.0196 1192 \Device\Harddisk0\DR0:
10:00:21.0196 1192 MBR partitions:
10:00:21.0196 1192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:00:21.0196 1192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
10:00:21.0196 1192 ============================================================
10:00:21.0227 1192 C: <-> \Device\Harddisk0\DR0\Partition2
10:00:21.0227 1192 ============================================================
10:00:21.0227 1192 Initialize success
10:00:21.0227 1192 ============================================================
10:00:54.0149 5332 ============================================================
10:00:54.0149 5332 Scan started
10:00:54.0149 5332 Mode: Manual;
10:00:54.0149 5332 ============================================================
10:00:56.0685 5332 ================ Scan system memory ========================
10:00:56.0685 5332 System memory - ok
10:00:56.0685 5332 ================ Scan services =============================
10:00:56.0982 5332 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:00:56.0982 5332 1394ohci - ok
10:00:57.0029 5332 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:00:57.0029 5332 ACPI - ok
10:00:57.0044 5332 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:00:57.0060 5332 AcpiPmi - ok
10:00:57.0153 5332 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:00:57.0153 5332 AdobeARMservice - ok
10:00:57.0309 5332 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:00:57.0309 5332 AdobeFlashPlayerUpdateSvc - ok
10:00:57.0356 5332 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:00:57.0372 5332 adp94xx - ok
10:00:57.0403 5332 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:00:57.0403 5332 adpahci - ok
10:00:57.0403 5332 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:00:57.0403 5332 adpu320 - ok
10:00:57.0434 5332 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:00:57.0434 5332 AeLookupSvc - ok
10:00:57.0497 5332 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:00:57.0512 5332 AFD - ok
10:00:57.0559 5332 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:00:57.0575 5332 agp440 - ok
10:00:57.0731 5332 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
10:00:57.0731 5332 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
10:00:57.0731 5332 Akamai ( HiddenFile.Multi.Generic ) - warning
10:00:57.0731 5332 Akamai - detected HiddenFile.Multi.Generic (1)
10:00:57.0762 5332 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:00:57.0762 5332 ALG - ok
10:00:57.0793 5332 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:00:57.0793 5332 aliide - ok
10:00:57.0840 5332 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:00:57.0855 5332 AMD External Events Utility - ok
10:00:57.0871 5332 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:00:57.0871 5332 amdide - ok
10:00:57.0887 5332 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:00:57.0902 5332 AmdK8 - ok
10:00:58.0074 5332 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:00:58.0152 5332 amdkmdag - ok
10:00:58.0199 5332 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:00:58.0214 5332 amdkmdap - ok
10:00:58.0230 5332 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:00:58.0230 5332 AmdPPM - ok
10:00:58.0277 5332 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:00:58.0339 5332 amdsata - ok
10:00:58.0355 5332 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:00:58.0386 5332 amdsbs - ok
10:00:58.0417 5332 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:00:58.0427 5332 amdxata - ok
10:00:58.0477 5332 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:00:58.0487 5332 AppID - ok
10:00:58.0507 5332 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:00:58.0567 5332 AppIDSvc - ok
10:00:58.0607 5332 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:00:58.0607 5332 Appinfo - ok
10:00:58.0697 5332 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:00:58.0697 5332 Apple Mobile Device - ok
10:00:58.0717 5332 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:00:58.0717 5332 arc - ok
10:00:58.0727 5332 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:00:58.0727 5332 arcsas - ok
10:00:58.0767 5332 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
10:00:58.0787 5332 AsIO - ok
10:00:58.0917 5332 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:00:58.0947 5332 aspnet_state - ok
10:00:58.0977 5332 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
10:00:58.0977 5332 AsSysCtrlService - ok
10:00:59.0007 5332 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:00:59.0007 5332 AsyncMac - ok
10:00:59.0037 5332 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:00:59.0037 5332 atapi - ok
10:00:59.0117 5332 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:00:59.0127 5332 AtiHDAudioService - ok
10:00:59.0177 5332 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
10:00:59.0187 5332 AtiHdmiService - ok
10:00:59.0237 5332 [ 64F07381335E37C142F6D176705FFCA6 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
10:00:59.0247 5332 atksgt - ok
10:00:59.0297 5332 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:00:59.0307 5332 AudioEndpointBuilder - ok
10:00:59.0317 5332 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:00:59.0317 5332 AudioSrv - ok
10:00:59.0367 5332 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:00:59.0367 5332 AxInstSV - ok
10:00:59.0397 5332 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:00:59.0417 5332 b06bdrv - ok
10:00:59.0437 5332 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:00:59.0437 5332 b57nd60a - ok
10:00:59.0467 5332 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:00:59.0477 5332 BDESVC - ok
10:00:59.0507 5332 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:00:59.0527 5332 Beep - ok
10:00:59.0617 5332 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:00:59.0627 5332 BFE - ok
10:00:59.0857 5332 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
10:00:59.0877 5332 BHDrvx64 - ok
10:00:59.0947 5332 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
10:00:59.0967 5332 BITS - ok
10:00:59.0997 5332 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:00:59.0997 5332 blbdrive - ok
10:01:00.0107 5332 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:01:00.0107 5332 Bonjour Service - ok
10:01:00.0187 5332 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:01:00.0187 5332 bowser - ok
10:01:00.0207 5332 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:01:00.0207 5332 BrFiltLo - ok
10:01:00.0207 5332 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:01:00.0207 5332 BrFiltUp - ok
10:01:00.0247 5332 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:01:00.0247 5332 BridgeMP - ok
10:01:00.0287 5332 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:01:00.0297 5332 Browser - ok
10:01:00.0307 5332 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:01:00.0317 5332 Brserid - ok
10:01:00.0317 5332 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:01:00.0317 5332 BrSerWdm - ok
10:01:00.0317 5332 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:01:00.0327 5332 BrUsbMdm - ok
10:01:00.0327 5332 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:01:00.0327 5332 BrUsbSer - ok
10:01:00.0367 5332 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:01:00.0387 5332 BthEnum - ok
10:01:00.0387 5332 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:01:00.0387 5332 BTHMODEM - ok
10:01:00.0437 5332 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:01:00.0447 5332 BthPan - ok
10:01:00.0477 5332 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:01:00.0507 5332 BTHPORT - ok
10:01:00.0537 5332 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:01:00.0597 5332 bthserv - ok
10:01:00.0627 5332 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:01:00.0647 5332 BTHUSB - ok
10:01:00.0667 5332 catchme - ok
10:01:00.0697 5332 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:01:00.0697 5332 cdfs - ok
10:01:00.0757 5332 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
10:01:00.0767 5332 cdrom - ok
10:01:00.0817 5332 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:01:00.0817 5332 CertPropSvc - ok
10:01:00.0827 5332 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:01:00.0837 5332 circlass - ok
10:01:00.0857 5332 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:01:00.0857 5332 CLFS - ok
10:01:00.0907 5332 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:01:00.0927 5332 clr_optimization_v2.0.50727_32 - ok
10:01:00.0957 5332 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:01:00.0977 5332 clr_optimization_v2.0.50727_64 - ok
10:01:01.0067 5332 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:01:01.0227 5332 clr_optimization_v4.0.30319_32 - ok
10:01:01.0237 5332 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:01:01.0357 5332 clr_optimization_v4.0.30319_64 - ok
10:01:01.0387 5332 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:01:01.0387 5332 CmBatt - ok
10:01:01.0427 5332 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:01:01.0427 5332 cmdide - ok
10:01:01.0467 5332 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:01:01.0477 5332 CNG - ok
10:01:01.0497 5332 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:01:01.0497 5332 Compbatt - ok
10:01:01.0507 5332 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:01:01.0527 5332 CompositeBus - ok
10:01:01.0557 5332 COMSysApp - ok
10:01:01.0567 5332 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:01:01.0577 5332 crcdisk - ok
10:01:01.0647 5332 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
10:01:01.0657 5332 Creative ALchemy AL6 Licensing Service - ok
10:01:01.0677 5332 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
10:01:01.0677 5332 Creative Audio Engine Licensing Service - ok
10:01:01.0727 5332 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:01:01.0727 5332 CryptSvc - ok
10:01:01.0757 5332 [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
10:01:01.0757 5332 CTAudSvcService - ok
10:01:01.0837 5332 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:01:01.0847 5332 cvhsvc - ok
10:01:01.0897 5332 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:01:01.0907 5332 DcomLaunch - ok
10:01:01.0927 5332 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:01:01.0967 5332 defragsvc - ok
10:01:02.0027 5332 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
10:01:02.0027 5332 Desura Install Service - ok
10:01:02.0077 5332 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:01:02.0087 5332 DfsC - ok
10:01:02.0117 5332 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:01:02.0117 5332 Dhcp - ok
10:01:02.0137 5332 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:01:02.0137 5332 discache - ok
10:01:02.0167 5332 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:01:02.0167 5332 Disk - ok
10:01:02.0217 5332 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:01:02.0217 5332 Dnscache - ok
10:01:02.0257 5332 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:01:02.0257 5332 dot3svc - ok
10:01:02.0297 5332 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:01:02.0307 5332 DPS - ok
10:01:02.0317 5332 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:01:02.0327 5332 drmkaud - ok
10:01:02.0577 5332 dump_wmimmc - ok
10:01:02.0657 5332 [ 355E50803A28AF282A87FAA2612B95CE ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
10:01:02.0657 5332 DvmMDES - ok
10:01:02.0717 5332 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:01:02.0727 5332 DXGKrnl - ok
10:01:02.0757 5332 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:01:02.0767 5332 EapHost - ok
10:01:02.0817 5332 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:01:02.0847 5332 ebdrv - ok
10:01:02.0907 5332 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:01:02.0937 5332 eeCtrl - ok
10:01:02.0967 5332 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:01:02.0967 5332 EFS - ok
10:01:03.0047 5332 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:01:03.0047 5332 ehRecvr - ok
10:01:03.0067 5332 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:01:03.0067 5332 ehSched - ok
10:01:03.0097 5332 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:01:03.0107 5332 elxstor - ok
10:01:03.0147 5332 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:01:03.0167 5332 EraserUtilRebootDrv - ok
10:01:03.0197 5332 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:01:03.0197 5332 ErrDev - ok
10:01:03.0227 5332 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:01:03.0237 5332 EventSystem - ok
10:01:03.0247 5332 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:01:03.0247 5332 exfat - ok
10:01:03.0317 5332 Fabs - ok
10:01:03.0337 5332 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:01:03.0337 5332 fastfat - ok
10:01:03.0397 5332 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:01:03.0407 5332 Fax - ok
10:01:03.0407 5332 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:01:03.0407 5332 fdc - ok
10:01:03.0417 5332 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:01:03.0427 5332 fdPHost - ok
10:01:03.0447 5332 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:01:03.0447 5332 FDResPub - ok
10:01:03.0457 5332 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:01:03.0457 5332 FileInfo - ok
10:01:03.0467 5332 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:01:03.0487 5332 Filetrace - ok
10:01:03.0547 5332 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
10:01:03.0577 5332 FirebirdServerMAGIXInstance - ok
10:01:03.0657 5332 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
10:01:03.0677 5332 FLEXnet Licensing Service 64 - ok
10:01:03.0697 5332 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:01:03.0697 5332 flpydisk - ok
10:01:03.0757 5332 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:01:03.0757 5332 FltMgr - ok
10:01:03.0817 5332 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:01:03.0827 5332 FontCache - ok
10:01:03.0887 5332 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:01:03.0887 5332 FontCache3.0.0.0 - ok
10:01:03.0907 5332 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:01:03.0907 5332 FsDepends - ok
10:01:03.0957 5332 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
10:01:03.0977 5332 fssfltr - ok
10:01:04.0057 5332 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:01:04.0077 5332 fsssvc - ok
10:01:04.0117 5332 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:01:04.0117 5332 Fs_Rec - ok
10:01:04.0187 5332 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:01:04.0187 5332 fvevol - ok
10:01:04.0217 5332 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:01:04.0217 5332 gagp30kx - ok
10:01:04.0247 5332 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:01:04.0277 5332 GEARAspiWDM - ok
10:01:04.0327 5332 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:01:04.0337 5332 gpsvc - ok
10:01:04.0347 5332 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:01:04.0347 5332 hcw85cir - ok
10:01:04.0397 5332 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:01:04.0397 5332 HdAudAddService - ok
10:01:04.0423 5332 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:01:04.0423 5332 HDAudBus - ok
10:01:04.0438 5332 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:01:04.0454 5332 HidBatt - ok
10:01:04.0469 5332 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:01:04.0485 5332 HidBth - ok
10:01:04.0485 5332 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:01:04.0485 5332 HidIr - ok
10:01:04.0501 5332 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:01:04.0501 5332 hidserv - ok
10:01:04.0563 5332 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:01:04.0579 5332 HidUsb - ok
10:01:04.0672 5332 [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
10:01:04.0688 5332 HiPatchService - ok
10:01:04.0719 5332 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:01:04.0719 5332 hkmsvc - ok
10:01:04.0750 5332 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:01:04.0766 5332 HomeGroupListener - ok
10:01:04.0813 5332 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:01:04.0828 5332 HomeGroupProvider - ok
10:01:04.0875 5332 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:01:04.0875 5332 HpSAMD - ok
10:01:04.0953 5332 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:01:04.0969 5332 HTTP - ok
10:01:05.0000 5332 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:01:05.0000 5332 hwpolicy - ok
10:01:05.0062 5332 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:01:05.0062 5332 i8042prt - ok
10:01:05.0093 5332 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:01:05.0109 5332 iaStorV - ok
10:01:05.0187 5332 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:01:05.0187 5332 idsvc - ok
10:01:05.0421 5332 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121004.001\IDSvia64.sys
10:01:05.0421 5332 IDSVia64 - ok
10:01:05.0452 5332 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:01:05.0468 5332 iirsp - ok
10:01:05.0515 5332 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:01:05.0530 5332 IKEEXT - ok
10:01:05.0577 5332 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:01:05.0577 5332 intelide - ok
10:01:05.0608 5332 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:01:05.0608 5332 intelppm - ok
10:01:05.0624 5332 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:01:05.0639 5332 IPBusEnum - ok
10:01:05.0671 5332 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:01:05.0671 5332 IpFilterDriver - ok
10:01:05.0702 5332 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:01:05.0717 5332 iphlpsvc - ok
10:01:05.0733 5332 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:01:05.0733 5332 IPMIDRV - ok
10:01:05.0749 5332 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:01:05.0764 5332 IPNAT - ok
10:01:05.0842 5332 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:01:05.0858 5332 iPod Service - ok
10:01:05.0873 5332 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:01:05.0873 5332 IRENUM - ok
10:01:05.0920 5332 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:01:05.0920 5332 isapnp - ok
10:01:05.0936 5332 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:01:05.0951 5332 iScsiPrt - ok
10:01:05.0967 5332 [ AEF3A925CAC519CC6A9A48E9BDCA1AE3 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
10:01:05.0983 5332 JRAID - ok
10:01:06.0014 5332 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:01:06.0014 5332 kbdclass - ok
10:01:06.0014 5332 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:01:06.0014 5332 kbdhid - ok
10:01:06.0029 5332 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:01:06.0029 5332 KeyIso - ok
10:01:06.0076 5332 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:01:06.0076 5332 KSecDD - ok
10:01:06.0107 5332 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:01:06.0123 5332 KSecPkg - ok
10:01:06.0139 5332 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:01:06.0139 5332 ksthunk - ok
10:01:06.0170 5332 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:01:06.0185 5332 KtmRm - ok
10:01:06.0232 5332 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:01:06.0248 5332 LanmanServer - ok
10:01:06.0279 5332 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:01:06.0279 5332 LanmanWorkstation - ok
10:01:06.0341 5332 [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
10:01:06.0404 5332 lirsgt - ok
10:01:06.0419 5332 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:01:06.0419 5332 lltdio - ok
10:01:06.0451 5332 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:01:06.0466 5332 lltdsvc - ok
10:01:06.0482 5332 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:01:06.0482 5332 lmhosts - ok
10:01:06.0497 5332 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:01:06.0497 5332 LSI_FC - ok
10:01:06.0513 5332 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:01:06.0513 5332 LSI_SAS - ok
10:01:06.0513 5332 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:01:06.0544 5332 LSI_SAS2 - ok
10:01:06.0544 5332 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:01:06.0560 5332 LSI_SCSI - ok
10:01:06.0560 5332 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:01:06.0560 5332 luafv - ok
10:01:06.0653 5332 [ D6E998F77727B58A0FB34777FF5942C4 ] lxdeCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe
10:01:06.0669 5332 lxdeCATSCustConnectService - ok
10:01:06.0685 5332 lxde_device - ok
10:01:06.0747 5332 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:01:06.0763 5332 MBAMProtector - ok
10:01:06.0841 5332 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Data\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:01:06.0841 5332 MBAMScheduler - ok
10:01:06.0872 5332 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Data\Malwarebytes' Anti-Malware\mbamservice.exe
10:01:06.0872 5332 MBAMService - ok
10:01:06.0903 5332 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:01:06.0919 5332 Mcx2Svc - ok
10:01:06.0934 5332 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:01:06.0950 5332 megasas - ok
10:01:06.0950 5332 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:01:06.0950 5332 MegaSR - ok
10:01:07.0262 5332 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2012_64 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
10:01:07.0262 5332 mi-raysat_3dsmax2012_64 - ok
10:01:07.0277 5332 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:01:07.0277 5332 MMCSS - ok
10:01:07.0277 5332 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:01:07.0277 5332 Modem - ok
10:01:07.0293 5332 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:01:07.0309 5332 monitor - ok
10:01:07.0355 5332 [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
10:01:07.0355 5332 MotioninJoyXFilter - ok
10:01:07.0371 5332 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:01:07.0371 5332 mouclass - ok
10:01:07.0387 5332 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:01:07.0402 5332 mouhid - ok
10:01:07.0459 5332 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:01:07.0469 5332 mountmgr - ok
10:01:07.0539 5332 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:01:07.0539 5332 MozillaMaintenance - ok
10:01:07.0619 5332 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:01:07.0619 5332 MpFilter - ok
10:01:07.0659 5332 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:01:07.0659 5332 mpio - ok
10:01:07.0689 5332 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:01:07.0699 5332 mpsdrv - ok
10:01:07.0749 5332 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:01:07.0759 5332 MpsSvc - ok
10:01:07.0789 5332 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:01:07.0799 5332 MRxDAV - ok
10:01:07.0829 5332 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:01:07.0849 5332 mrxsmb - ok
10:01:07.0889 5332 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:01:07.0909 5332 mrxsmb10 - ok
10:01:07.0919 5332 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:01:07.0929 5332 mrxsmb20 - ok
10:01:07.0939 5332 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:01:07.0949 5332 msahci - ok
10:01:07.0969 5332 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:01:07.0989 5332 msdsm - ok
10:01:07.0999 5332 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:01:08.0009 5332 MSDTC - ok
10:01:08.0029 5332 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:01:08.0029 5332 Msfs - ok
10:01:08.0059 5332 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:01:08.0059 5332 mshidkmdf - ok
10:01:08.0099 5332 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:01:08.0099 5332 msisadrv - ok
10:01:08.0119 5332 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:01:08.0149 5332 MSiSCSI - ok
10:01:08.0149 5332 msiserver - ok
10:01:08.0189 5332 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:01:08.0199 5332 MSKSSRV - ok
10:01:08.0269 5332 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:01:08.0279 5332 MsMpSvc - ok
10:01:08.0279 5332 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:01:08.0279 5332 MSPCLOCK - ok
10:01:08.0279 5332 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:01:08.0299 5332 MSPQM - ok
10:01:08.0359 5332 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:01:08.0359 5332 MsRPC - ok
10:01:08.0369 5332 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:01:08.0379 5332 mssmbios - ok
10:01:08.0489 5332 MSSQL$BWDATOOLSET - ok
10:01:08.0519 5332 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:01:08.0549 5332 MSSQLServerADHelper - ok
10:01:08.0609 5332 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:01:08.0609 5332 MSTEE - ok
10:01:08.0609 5332 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:01:08.0619 5332 MTConfig - ok
10:01:08.0639 5332 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
10:01:08.0639 5332 MTsensor - ok
10:01:08.0649 5332 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:01:08.0649 5332 Mup - ok
10:01:08.0719 5332 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
10:01:08.0719 5332 N360 - ok
10:01:08.0769 5332 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:01:08.0779 5332 napagent - ok
10:01:08.0809 5332 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:01:08.0829 5332 NativeWifiP - ok
10:01:08.0949 5332 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.032\ENG64.SYS
10:01:08.0959 5332 NAVENG - ok
10:01:09.0009 5332 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121004.032\EX64.SYS
10:01:09.0029 5332 NAVEX15 - ok
10:01:09.0099 5332 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:01:09.0109 5332 NDIS - ok
10:01:09.0139 5332 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:01:09.0139 5332 NdisCap - ok
10:01:09.0159 5332 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:01:09.0159 5332 NdisTapi - ok
10:01:09.0199 5332 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:01:09.0209 5332 Ndisuio - ok
10:01:09.0239 5332 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:01:09.0249 5332 NdisWan - ok
10:01:09.0289 5332 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:01:09.0299 5332 NDProxy - ok
10:01:09.0319 5332 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:01:09.0319 5332 NetBIOS - ok
10:01:09.0359 5332 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:01:09.0369 5332 NetBT - ok
10:01:09.0389 5332 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:01:09.0389 5332 Netlogon - ok
10:01:09.0409 5332 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:01:09.0419 5332 Netman - ok
10:01:09.0509 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:01:09.0519 5332 NetMsmqActivator - ok
10:01:09.0519 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:01:09.0529 5332 NetPipeActivator - ok
10:01:09.0549 5332 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:01:09.0559 5332 netprofm - ok
10:01:09.0559 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:01:09.0559 5332 NetTcpActivator - ok
10:01:09.0569 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:01:09.0569 5332 NetTcpPortSharing - ok
10:01:09.0589 5332 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:01:09.0599 5332 nfrd960 - ok
10:01:09.0639 5332 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:01:09.0639 5332 NisDrv - ok
10:01:09.0689 5332 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
10:01:09.0699 5332 NisSrv - ok
10:01:09.0749 5332 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:01:09.0749 5332 NlaSvc - ok
10:01:09.0759 5332 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:01:09.0769 5332 Npfs - ok
10:01:09.0789 5332 npggsvc - ok
10:01:09.0789 5332 NPPTNT2 - ok
10:01:09.0809 5332 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:01:09.0809 5332 nsi - ok
10:01:09.0819 5332 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:01:09.0819 5332 nsiproxy - ok
10:01:09.0879 5332 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:01:09.0899 5332 Ntfs - ok
10:01:09.0909 5332 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:01:09.0909 5332 Null - ok
10:01:09.0929 5332 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
10:01:09.0939 5332 NVENETFD - ok
10:01:10.0109 5332 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:01:10.0209 5332 nvlddmkm - ok
10:01:10.0269 5332 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:01:10.0279 5332 nvraid - ok
10:01:10.0329 5332 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:01:10.0349 5332 nvstor - ok
10:01:10.0389 5332 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:01:10.0389 5332 nv_agp - ok
10:01:10.0409 5332 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:01:10.0419 5332 ohci1394 - ok
10:01:10.0489 5332 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:01:10.0509 5332 ose - ok
10:01:10.0659 5332 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:01:10.0729 5332 osppsvc - ok
10:01:10.0769 5332 [ 634347ADEBC790B8F07654A3EA8034FD ] P17 C:\Windows\system32\drivers\P17.sys
10:01:10.0779 5332 P17 - ok
10:01:10.0809 5332 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:01:10.0819 5332 p2pimsvc - ok
10:01:10.0839 5332 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:01:10.0849 5332 p2psvc - ok
10:01:10.0869 5332 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:01:10.0879 5332 Parport - ok
10:01:10.0909 5332 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:01:10.0909 5332 partmgr - ok
10:01:10.0929 5332 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:01:10.0939 5332 PcaSvc - ok
10:01:10.0979 5332 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:01:10.0979 5332 pci - ok
10:01:10.0989 5332 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:01:10.0989 5332 pciide - ok
10:01:10.0999 5332 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:01:11.0009 5332 pcmcia - ok
10:01:11.0019 5332 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:01:11.0019 5332 pcw - ok
10:01:11.0029 5332 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:01:11.0039 5332 PEAUTH - ok
10:01:11.0109 5332 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:01:11.0109 5332 PerfHost - ok
10:01:11.0169 5332 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:01:11.0199 5332 pla - ok
10:01:11.0239 5332 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:01:11.0249 5332 PlugPlay - ok
10:01:11.0269 5332 PnkBstrA - ok
10:01:11.0289 5332 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:01:11.0299 5332 PNRPAutoReg - ok
10:01:11.0309 5332 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:01:11.0319 5332 PNRPsvc - ok
10:01:11.0359 5332 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:01:11.0369 5332 PolicyAgent - ok
10:01:11.0389 5332 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:01:11.0399 5332 Power - ok
10:01:11.0449 5332 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:01:11.0449 5332 PptpMiniport - ok
10:01:11.0469 5332 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:01:11.0469 5332 Processor - ok
10:01:11.0519 5332 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:01:11.0519 5332 ProfSvc - ok
10:01:11.0549 5332 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:01:11.0549 5332 ProtectedStorage - ok
10:01:11.0599 5332 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:01:11.0609 5332 Psched - ok
10:01:11.0669 5332 [ 86154F3A156FA2A5429C2940C69F426F ] PsSdk41 C:\Windows\system32\Drivers\pssdk41.sys
10:01:11.0679 5332 PsSdk41 - ok
10:01:11.0719 5332 [ 3D895D9E93D39E113184A3B0FD49AC77 ] pwdrvio C:\Windows\system32\pwdrvio.sys
10:01:11.0719 5332 pwdrvio - ok
10:01:11.0729 5332 [ 2F7F3D3BDB65CAFCE52F3E1D52CAB937 ] pwdspio C:\Windows\system32\pwdspio.sys
10:01:11.0739 5332 pwdspio - ok
10:01:11.0759 5332 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:01:11.0779 5332 ql2300 - ok
10:01:11.0789 5332 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:01:11.0799 5332 ql40xx - ok
10:01:11.0819 5332 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:01:11.0829 5332 QWAVE - ok
10:01:11.0839 5332 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:01:11.0839 5332 QWAVEdrv - ok
10:01:11.0849 5332 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:01:11.0849 5332 RasAcd - ok
10:01:11.0869 5332 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:01:11.0879 5332 RasAgileVpn - ok
10:01:11.0889 5332 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:01:11.0889 5332 RasAuto - ok
10:01:11.0929 5332 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:01:11.0939 5332 Rasl2tp - ok
10:01:11.0949 5332 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:01:11.0959 5332 RasMan - ok
10:01:11.0969 5332 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:01:11.0979 5332 RasPppoe - ok
10:01:11.0989 5332 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:01:11.0989 5332 RasSstp - ok
10:01:12.0029 5332 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:01:12.0039 5332 rdbss - ok
10:01:12.0049 5332 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:01:12.0049 5332 rdpbus - ok
10:01:12.0069 5332 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:01:12.0069 5332 RDPCDD - ok
10:01:12.0089 5332 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:01:12.0089 5332 RDPENCDD - ok
10:01:12.0099 5332 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:01:12.0099 5332 RDPREFMP - ok
10:01:12.0159 5332 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:01:12.0189 5332 RDPWD - ok
10:01:12.0399 5332 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:01:12.0409 5332 rdyboost - ok
10:01:12.0479 5332 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nSU C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
10:01:12.0479 5332 Realtek11nSU - ok
10:01:12.0499 5332 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:01:12.0499 5332 RemoteAccess - ok
10:01:12.0519 5332 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:01:12.0539 5332 RemoteRegistry - ok
10:01:12.0619 5332 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:01:12.0629 5332 RFCOMM - ok
10:01:12.0649 5332 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:01:12.0659 5332 RpcEptMapper - ok
10:01:12.0669 5332 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:01:12.0669 5332 RpcLocator - ok
10:01:12.0719 5332 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:01:12.0729 5332 RpcSs - ok
10:01:12.0749 5332 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:01:12.0759 5332 rspndr - ok
10:01:12.0819 5332 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:01:12.0819 5332 RTL8167 - ok
10:01:12.0879 5332 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
10:01:12.0899 5332 RTL8192su - ok
10:01:12.0909 5332 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:01:12.0909 5332 SamSs - ok
10:01:12.0939 5332 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:01:12.0939 5332 sbp2port - ok
10:01:12.0969 5332 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:01:12.0989 5332 SCardSvr - ok
10:01:13.0019 5332 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:01:13.0029 5332 scfilter - ok
10:01:13.0079 5332 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:01:13.0099 5332 Schedule - ok
10:01:13.0139 5332 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:01:13.0139 5332 SCPolicySvc - ok
10:01:13.0179 5332 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:01:13.0189 5332 SDRSVC - ok
10:01:13.0259 5332 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:01:13.0269 5332 SeaPort - ok
10:01:13.0289 5332 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:01:13.0299 5332 secdrv - ok
10:01:13.0329 5332 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:01:13.0339 5332 seclogon - ok
10:01:13.0349 5332 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:01:13.0349 5332 SENS - ok
10:01:13.0359 5332 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:01:13.0369 5332 SensrSvc - ok
10:01:13.0379 5332 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:01:13.0379 5332 Serenum - ok
10:01:13.0399 5332 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:01:13.0399 5332 Serial - ok
10:01:13.0439 5332 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:01:13.0439 5332 sermouse - ok
10:01:13.0479 5332 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:01:13.0489 5332 SessionEnv - ok
10:01:13.0499 5332 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:01:13.0499 5332 sffdisk - ok
10:01:13.0509 5332 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:01:13.0509 5332 sffp_mmc - ok
10:01:13.0519 5332 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:01:13.0529 5332 sffp_sd - ok
10:01:13.0559 5332 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:01:13.0559 5332 sfloppy - ok
10:01:13.0619 5332 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
10:01:13.0629 5332 Sftfs - ok
10:01:13.0709 5332 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:01:13.0719 5332 sftlist - ok
10:01:13.0729 5332 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:01:13.0749 5332 Sftplay - ok
10:01:13.0769 5332 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:01:13.0779 5332 Sftredir - ok
10:01:13.0819 5332 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
10:01:13.0819 5332 Sftvol - ok
10:01:13.0829 5332 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:01:13.0839 5332 sftvsa - ok
10:01:13.0869 5332 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:01:13.0869 5332 SharedAccess - ok
10:01:13.0909 5332 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:01:13.0919 5332 ShellHWDetection - ok
10:01:13.0939 5332 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:01:13.0949 5332 SiSRaid2 - ok
10:01:13.0959 5332 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:01:13.0959 5332 SiSRaid4 - ok
10:01:14.0039 5332 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:01:14.0039 5332 SkypeUpdate - ok
10:01:14.0049 5332 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:01:14.0059 5332 Smb - ok
10:01:14.0089 5332 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:01:14.0099 5332 SNMPTRAP - ok
10:01:14.0109 5332 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:01:14.0119 5332 spldr - ok
10:01:14.0169 5332 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:01:14.0179 5332 Spooler - ok
10:01:14.0279 5332 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:01:14.0309 5332 sppsvc - ok
10:01:14.0319 5332 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:01:14.0329 5332 sppuinotify - ok
10:01:14.0439 5332 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
10:01:14.0439 5332 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
10:01:14.0439 5332 sptd ( LockedFile.Multi.Generic ) - warning
10:01:14.0439 5332 sptd - detected LockedFile.Multi.Generic (1)
10:01:14.0533 5332 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:01:14.0533 5332 SQLBrowser - ok
10:01:14.0626 5332 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:01:14.0626 5332 SQLWriter - ok
10:01:14.0720 5332 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
10:01:14.0751 5332 SRTSP - ok
10:01:14.0767 5332 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
10:01:14.0767 5332 SRTSPX - ok
10:01:14.0813 5332 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:01:14.0829 5332 srv - ok
10:01:14.0845 5332 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:01:14.0860 5332 srv2 - ok
10:01:14.0876 5332 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:01:14.0876 5332 srvnet - ok
10:01:14.0907 5332 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:01:14.0907 5332 SSDPSRV - ok
10:01:14.0923 5332 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:01:14.0923 5332 SstpSvc - ok
10:01:14.0954 5332 Steam Client Service - ok
10:01:14.0985 5332 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:01:14.0985 5332 stexstor - ok
10:01:15.0047 5332 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:01:15.0047 5332 stisvc - ok
10:01:15.0079 5332 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:01:15.0079 5332 swenum - ok
10:01:15.0094 5332 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:01:15.0110 5332 swprv - ok
10:01:15.0141 5332 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
10:01:15.0141 5332 SymDS - ok
10:01:15.0188 5332 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
10:01:15.0188 5332 SymEFA - ok
10:01:15.0250 5332 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:01:15.0250 5332 SymEvent - ok
10:01:15.0266 5332 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
10:01:15.0281 5332 SymIRON - ok
10:01:15.0313 5332 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
10:01:15.0313 5332 SymNetS - ok
10:01:15.0375 5332 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:01:15.0391 5332 SysMain - ok
10:01:15.0422 5332 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:01:15.0422 5332 TabletInputService - ok
10:01:15.0437 5332 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:01:15.0437 5332 TapiSrv - ok
10:01:15.0469 5332 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:01:15.0469 5332 TBS - ok
10:01:15.0531 5332 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:01:15.0562 5332 Tcpip - ok
10:01:15.0593 5332 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:01:15.0609 5332 TCPIP6 - ok
10:01:15.0656 5332 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:01:15.0656 5332 tcpipreg - ok
10:01:15.0671 5332 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:01:15.0687 5332 TDPIPE - ok
10:01:15.0734 5332 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:01:15.0749 5332 TDTCP - ok
10:01:15.0796 5332 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:01:15.0796 5332 tdx - ok
10:01:15.0843 5332 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:01:15.0843 5332 TermDD - ok
10:01:15.0890 5332 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:01:15.0905 5332 TermService - ok
10:01:15.0937 5332 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:01:15.0937 5332 Themes - ok
10:01:15.0952 5332 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:01:15.0952 5332 THREADORDER - ok
10:01:15.0952 5332 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:01:15.0968 5332 TrkWks - ok
10:01:16.0015 5332 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:01:16.0015 5332 TrustedInstaller - ok
10:01:16.0061 5332 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:01:16.0077 5332 tssecsrv - ok
10:01:16.0155 5332 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:01:16.0171 5332 TsUsbFlt - ok
10:01:16.0295 5332 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:01:16.0295 5332 tunnel - ok
10:01:16.0358 5332 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:01:16.0358 5332 uagp35 - ok
10:01:16.0405 5332 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:01:16.0405 5332 udfs - ok
10:01:16.0436 5332 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:01:16.0451 5332 UI0Detect - ok
10:01:16.0477 5332 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:01:16.0477 5332 uliagpkx - ok
10:01:16.0527 5332 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:01:16.0527 5332 umbus - ok
10:01:16.0567 5332 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:01:16.0577 5332 UmPass - ok
10:01:16.0597 5332 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:01:16.0617 5332 upnphost - ok
10:01:16.0667 5332 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:01:16.0677 5332 USBAAPL64 - ok
10:01:16.0707 5332 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:01:16.0717 5332 usbccgp - ok
10:01:16.0747 5332 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:01:16.0747 5332 usbcir - ok
10:01:16.0767 5332 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:01:16.0767 5332 usbehci - ok
10:01:16.0817 5332 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:01:16.0837 5332 usbhub - ok
10:01:16.0857 5332 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:01:16.0857 5332 usbohci - ok
10:01:16.0857 5332 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:01:16.0857 5332 usbprint - ok
10:01:16.0897 5332 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:01:16.0917 5332 usbscan - ok
10:01:16.0947 5332 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:01:16.0947 5332 USBSTOR - ok
10:01:16.0977 5332 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:01:16.0977 5332 usbuhci - ok
10:01:16.0997 5332 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:01:16.0997 5332 UxSms - ok
10:01:17.0007 5332 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:01:17.0007 5332 VaultSvc - ok
10:01:17.0047 5332 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:01:17.0047 5332 vdrvroot - ok
10:01:17.0097 5332 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:01:17.0107 5332 vds - ok
10:01:17.0107 5332 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:01:17.0127 5332 vga - ok
10:01:17.0147 5332 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:01:17.0147 5332 VgaSave - ok
10:01:17.0167 5332 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:01:17.0167 5332 vhdmp - ok
10:01:17.0187 5332 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:01:17.0187 5332 viaide - ok
10:01:17.0207 5332 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:01:17.0207 5332 volmgr - ok
10:01:17.0247 5332 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:01:17.0267 5332 volmgrx - ok
10:01:17.0287 5332 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:01:17.0287 5332 volsnap - ok
10:01:17.0307 5332 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:01:17.0307 5332 vsmraid - ok
10:01:17.0367 5332 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:01:17.0427 5332 VSS - ok
10:01:17.0477 5332 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:01:17.0497 5332 vwifibus - ok
10:01:17.0567 5332 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:01:17.0567 5332 vwififlt - ok
10:01:17.0667 5332 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:01:17.0667 5332 vwifimp - ok
10:01:17.0747 5332 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:01:17.0757 5332 W32Time - ok
10:01:17.0767 5332 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:01:17.0767 5332 WacomPen - ok
10:01:17.0807 5332 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:01:17.0807 5332 WANARP - ok
10:01:17.0817 5332 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:01:17.0817 5332 Wanarpv6 - ok
10:01:17.0867 5332 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:01:17.0887 5332 WatAdminSvc - ok
10:01:17.0957 5332 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:01:17.0967 5332 wbengine - ok
10:01:17.0987 5332 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:01:17.0987 5332 WbioSrvc - ok
10:01:18.0027 5332 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:01:18.0037 5332 wcncsvc - ok
10:01:18.0057 5332 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:01:18.0057 5332 WcsPlugInService - ok
10:01:18.0077 5332 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:01:18.0097 5332 Wd - ok
10:01:18.0127 5332 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:01:18.0137 5332 Wdf01000 - ok
10:01:18.0167 5332 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:01:18.0167 5332 WdiServiceHost - ok
10:01:18.0167 5332 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:01:18.0167 5332 WdiSystemHost - ok
10:01:18.0207 5332 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:01:18.0207 5332 WebClient - ok
10:01:18.0247 5332 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:01:18.0277 5332 Wecsvc - ok
10:01:18.0307 5332 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:01:18.0307 5332 wercplsupport - ok
10:01:18.0367 5332 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:01:18.0377 5332 WerSvc - ok
10:01:18.0437 5332 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:01:18.0437 5332 WfpLwf - ok
10:01:18.0477 5332 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:01:18.0477 5332 WIMMount - ok
10:01:18.0517 5332 WinDefend - ok
10:01:18.0527 5332 WinHttpAutoProxySvc - ok
10:01:18.0597 5332 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:01:18.0597 5332 Winmgmt - ok
10:01:18.0667 5332 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:01:18.0697 5332 WinRM - ok
10:01:18.0757 5332 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:01:18.0777 5332 WinUsb - ok
10:01:18.0817 5332 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:01:18.0827 5332 Wlansvc - ok
10:01:18.0857 5332 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:01:18.0877 5332 wlcrasvc - ok
10:01:18.0997 5332 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:01:19.0017 5332 wlidsvc - ok
10:01:19.0057 5332 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:01:19.0067 5332 WmiAcpi - ok
10:01:19.0087 5332 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:01:19.0087 5332 wmiApSrv - ok
10:01:19.0097 5332 WMPNetworkSvc - ok
10:01:19.0117 5332 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:01:19.0117 5332 WPCSvc - ok
10:01:19.0157 5332 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:01:19.0167 5332 WPDBusEnum - ok
10:01:19.0197 5332 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:01:19.0207 5332 ws2ifsl - ok
10:01:19.0217 5332 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:01:19.0217 5332 wscsvc - ok
10:01:19.0227 5332 WSearch - ok
10:01:19.0297 5332 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:01:19.0337 5332 wuauserv - ok
10:01:19.0377 5332 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:01:19.0377 5332 WudfPf - ok
10:01:19.0407 5332 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:01:19.0407 5332 WUDFRd - ok
10:01:19.0447 5332 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:01:19.0447 5332 wudfsvc - ok
10:01:19.0477 5332 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:01:19.0477 5332 WwanSvc - ok
10:01:19.0577 5332 X6va003 - ok
10:01:19.0597 5332 X6va005 - ok
10:01:19.0607 5332 X6va006 - ok
10:01:19.0667 5332 X6va008 - ok
10:01:19.0757 5332 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
10:01:19.0767 5332 xusb21 - ok
10:01:19.0797 5332 ================ Scan global ===============================
10:01:19.0817 5332 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:01:19.0857 5332 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:01:19.0867 5332 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:01:19.0887 5332 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:01:19.0897 5332 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:01:19.0907 5332 [Global] - ok
10:01:19.0907 5332 ================ Scan MBR ==================================
10:01:19.0917 5332 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:01:20.0087 5332 \Device\Harddisk0\DR0 - ok
10:01:20.0087 5332 ================ Scan VBR ==================================
10:01:20.0097 5332 [ 422774E834D763D3A0DBB9AF964D4828 ] \Device\Harddisk0\DR0\Partition1
10:01:20.0097 5332 \Device\Harddisk0\DR0\Partition1 - ok
10:01:20.0107 5332 [ 71B682ED49011DDC1F9CD68A7414F403 ] \Device\Harddisk0\DR0\Partition2
10:01:20.0107 5332 \Device\Harddisk0\DR0\Partition2 - ok
10:01:20.0107 5332 ============================================================
10:01:20.0107 5332 Scan finished
10:01:20.0107 5332 ============================================================
10:01:20.0117 5728 Detected object count: 2
10:01:20.0117 5728 Actual detected object count: 2
10:01:58.0193 5728 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:01:58.0193 5728 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:01:58.0193 5728 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:01:58.0193 5728 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


aswMBR Report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-05 10:03:44
-----------------------------
10:03:44.390 OS Version: Windows x64 6.1.7601 Service Pack 1
10:03:44.390 Number of processors: 8 586 0x1A05
10:03:44.390 ComputerName: BRANDON-PC UserName: Brandon
10:03:46.883 Initialize success
10:05:00.745 AVAST engine defs: 12100501
10:06:07.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:06:07.425 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
10:06:07.441 Disk 0 MBR read successfully
10:06:07.441 Disk 0 MBR scan
10:06:07.441 Disk 0 Windows 7 default MBR code
10:06:07.472 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:06:07.488 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
10:06:07.550 Disk 0 scanning C:\Windows\system32\drivers
10:06:21.869 Service scanning
10:06:49.593 Modules scanning
10:06:49.593 Disk 0 trace - called modules:
10:06:49.633 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800624f2c0]<<sprm.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:06:49.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800669c790]
10:06:49.643 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80063a7520]
10:06:49.653 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006396060]
10:06:49.663 \Driver\atapi[0xfffffa800637e4b0] -> IRP_MJ_CREATE -> 0xfffffa800624f2c0
10:06:52.383 AVAST engine scan C:\Windows
10:06:57.711 AVAST engine scan C:\Windows\system32
10:10:13.043 AVAST engine scan C:\Windows\system32\drivers
10:10:30.239 AVAST engine scan C:\Users\Brandon
11:21:49.292 AVAST engine scan C:\ProgramData
11:26:59.159 Scan finished successfully
11:29:55.274 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
11:29:55.274 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 05 October 2012 - 11:52 AM

Greetings,

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 FangByte

FangByte
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 05 October 2012 - 02:49 PM

Hello I did what you said, On start up IE is still slightly slower then normal,google still takes a considerable amount of time, and sometimes opening address still take a long time but it's a bit faster then before. but I don't seem to get pop ups everytime I open a link but i'm still making sure. However when i started IE this Addon tried to start up.

Name: @msdxmLC.dll,-1@1033,Radio
Publisher: (Not verified) Microsoft Corporation
Type: Toolbar
Version: 6.4.7.1112
File date:
Date last accessed: Not available
Class ID: {8E718888-423F-11D2-876E-00A0C9082467}
Use count: 0
Block count: 0
File: Msdxm6.ocx
Folder: C:\Windows\SysWOW64

However FireFox is still getting hijacked.

Edited by FangByte, 05 October 2012 - 02:53 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 05 October 2012 - 03:19 PM

Hello

I want you to reset firefox back to defaults, to do this I need you to do this

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.

restart the computer and check firefox for me now

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 FangByte

FangByte
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 05 October 2012 - 04:06 PM

It's seems Firefox is now working properly now.

But this came up in norton
Full Path: c:\users\brandon\desktop\old firefox data\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll
____________________________
____________________________
On computers as of:
10/5/2012 at 3:57:05 PM
Last Used:
10/5/2012 at 3:58:34 PM
Startup Item:
No
Launched:
No
____________________________
____________________________
Few Users
Fewer than 50 users in the Norton Community have used this file.
____________________________
Medium
This file risk is medium.
____________________________
Threat Details
Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe
____________________________
Origin
Downloaded from URL Not Available

Source File:
npretoxstable.dll
____________________________
File Actions
File: c:\users\brandon\desktop\old firefox data\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll
Removed
____________________________
File Thumbprint - SHA:
bdf02809bed4f1a89e7160999107e98abbee6d1d062e50e68f688724760624de
____________________________
File Thumbprint - MD5:
9fd84e4ed2fa3f0ef45525148f1e15da
____________________________


Should i uninstall Combofix now or not now?

Edited by FangByte, 05 October 2012 - 04:18 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 05 October 2012 - 08:44 PM

Hello FangByte

We will remove all our tools at the last step

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 FangByte

FangByte
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 06 October 2012 - 09:25 PM

OTL logfile created on: 10/6/2012 10:07:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brandon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.52 Gb Available Physical Memory | 58.80% Memory free
11.98 Gb Paging File | 8.91 Gb Available in Paging File | 74.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 72.14 Gb Free Space | 7.75% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Data\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Data\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Data\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe ()
PRC - C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\AsusService.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\lxdescw.dll ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\lxdedatr.dll ()
MOD - C:\Program Files (x86)\Lexmark 4800 Series\lxdecats.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (mi-raysat_3dsmax2012_64) -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxde_device) -- C:\Windows\SysNative\lxdecoms.exe ( )
SRV:64bit: - (lxdeCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdeserv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Data\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Data\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (MSSQL$BWDATOOLSET) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (lxde_device) -- C:\Windows\SysWOW64\lxdecoms.exe ( )
SRV - (lxdeCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys (Symantec Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (PsSdk41) -- C:\Windows\SysNative\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121005.025\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121005.025\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121005.002\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2231389576-273949626-629909735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2231389576-273949626-629909735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2231389576-273949626-629909735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..\SearchScopes,DefaultScope = {2A4B7A37-6238-4C73-9F14-505B5D8060B3}
IE - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..\SearchScopes\{2A4B7A37-6238-4C73-9F14-505B5D8060B3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2231389576-273949626-629909735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2231389576-273949626-629909735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.60938: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/09/25 17:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/10/06 08:13:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/07 02:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/16 11:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/26 13:46:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/16 11:08:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/26 13:46:14 | 000,000,000 | ---D | M]

[2010/09/09 19:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions
[2012/04/08 12:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/15 17:08:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/16 11:08:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/08/24 04:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012/09/16 11:08:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/16 11:08:52 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/03 10:54:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [lxdeamon] C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe ()
O4:64bit: - HKLM..\Run: [lxdemon.exe] C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2231389576-273949626-629909735-1000..\Run: [Akamai NetSession Interface] C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2231389576-273949626-629909735-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E8219D-EBF0-4E52-85E2-4F6DCF7EF2AD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vnd.ms.radio - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 10:05:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2012/10/05 15:57:58 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\Old Firefox Data
[2012/10/05 09:59:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Brandon\Desktop\aswMBR.exe
[2012/10/05 09:58:42 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brandon\Desktop\tdsskiller.exe
[2012/10/05 09:26:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/04 23:51:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/04 10:40:04 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\RK_Quarantine
[2012/10/03 10:37:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/03 10:37:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/03 10:37:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/03 10:34:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/03 10:34:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/03 10:17:18 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{4B3ECAFB-AE53-4438-A269-5428BD844523}
[2012/10/02 22:23:14 | 004,761,955 | R--- | C] (Swearware) -- C:\Users\Brandon\Desktop\ComboFix.exe
[2012/10/02 11:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/10/02 11:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/02 11:22:51 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{5FE7D644-09A6-4085-B7C5-448661542FF7}
[2012/10/01 11:16:49 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{2BC93B65-B3FA-4C71-82D2-5E8D3EB3E85A}
[2012/09/30 10:37:13 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{2DA9C663-0D23-4FC7-9D75-59313B6F0D98}
[2012/09/29 09:44:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{6E88697D-9E08-450B-B8C9-361DC67CE2EA}
[2012/09/28 10:57:37 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{2197A611-80BA-4A87-AB0A-0E1AB0D07C83}
[2012/09/27 11:06:22 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{BED89652-84B3-4097-B348-3ABFC46304D0}
[2012/09/26 19:43:37 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Malwarebytes
[2012/09/26 19:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 19:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/26 19:43:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/26 11:36:33 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{71C2502E-3B68-4E78-B045-0DABA824748F}
[2012/09/25 17:57:02 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{45EDFBB3-5160-4302-9D11-17E2CFA4F6D4}
[2012/09/25 10:27:08 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{B599559A-FC03-42B6-A183-3C9A41106EF6}
[2012/09/24 09:00:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{86587E7B-0BE9-4D00-8136-A0AC6D0311E0}
[2012/09/23 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{6EFEB90A-C5CD-4B9E-AB25-4791244E4808}
[2012/09/23 01:01:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 01:01:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 01:01:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 01:01:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 01:01:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 01:01:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 01:01:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 01:01:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 01:01:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 01:01:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 01:01:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 01:01:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 01:01:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/23 01:01:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 01:01:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/22 16:07:03 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\ImgBurn
[2012/09/22 15:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/09/22 08:59:02 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{7F934874-B25B-4526-A946-3470638FA056}
[2012/09/21 09:51:58 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{FDCCE760-F80B-4AA7-B9AF-D2BDB7B9C7F1}
[2012/09/20 10:23:30 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{D26255C3-A32B-464B-A883-C414FF5F75BF}
[2012/09/19 09:39:32 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{7E0B615F-271A-49FF-95AF-CF42D1EDB5FF}
[2012/09/19 01:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/19 01:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/18 09:28:31 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{8A4AD2CF-9303-41B5-B939-33225735D46A}
[2012/09/17 09:41:08 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{3B6E0E96-2D63-40AA-979F-F8676B6DE36E}
[2012/09/16 10:29:17 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{CE08C683-8D47-4777-BC25-48432D0E82CA}
[2012/09/15 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{FB01A2BF-EDDA-466D-8C21-95F610303AEC}
[2012/09/14 19:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/09/14 12:11:58 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{C1E3D638-5DBD-457C-9A5E-0A4319103819}
[2012/09/13 11:29:02 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{FF1FA700-2E76-4E32-9AE4-5A659337BF68}
[2012/09/12 11:14:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 11:14:54 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 11:14:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 11:14:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/12 11:07:38 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{D15ABC26-59BE-4EDB-9477-D2C6DB47E700}
[2012/09/11 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{DF16BF8B-AF7E-4549-965C-12F9332F7991}
[2012/09/10 09:55:03 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{40C6B177-AC30-4805-9246-8BBE4D79B04C}
[2012/09/09 11:51:37 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{50428F55-8A82-4644-8A8D-1F4D13C2A4BD}
[2012/09/09 00:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of War II - Destroyer 40k
[2012/09/08 06:37:15 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{66CCC9AC-C85C-4243-9137-8518B61F09A4}
[2012/09/07 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{CE017A08-20B8-4916-B72C-6059B356E62E}
[2012/09/06 11:45:45 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{B0BED24C-9526-4B4E-9B4E-7DFF1CDD3C16}
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 10:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2012/10/06 10:04:09 | 000,000,222 | ---- | M] () -- C:\Users\Brandon\Desktop\XCOM Enemy Unknown.url
[2012/10/06 09:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 09:53:19 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/10/06 09:37:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2231389576-273949626-629909735-1000UA.job
[2012/10/06 08:21:59 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 08:21:58 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 08:10:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 08:10:34 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 00:09:11 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2231389576-273949626-629909735-1000Core.job
[2012/10/05 15:58:55 | 000,002,044 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/05 15:56:33 | 000,769,289 | ---- | M] () -- C:\Users\Brandon\Desktop\bookmarks-2012-10-05.json
[2012/10/05 11:29:55 | 000,000,512 | ---- | M] () -- C:\Users\Brandon\Desktop\MBR.dat
[2012/10/05 09:59:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Brandon\Desktop\aswMBR.exe
[2012/10/05 09:58:43 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brandon\Desktop\tdsskiller.exe
[2012/10/03 22:42:38 | 000,513,501 | ---- | M] () -- C:\Users\Brandon\Desktop\adwcleaner.exe
[2012/10/03 16:08:08 | 000,881,724 | ---- | M] () -- C:\Users\Brandon\Desktop\SecurityCheck.exe
[2012/10/03 10:54:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/03 10:33:53 | 004,761,955 | R--- | M] (Swearware) -- C:\Users\Brandon\Desktop\ComboFix.exe
[2012/10/02 11:41:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/27 21:46:49 | 000,002,455 | ---- | M] () -- C:\Users\Brandon\Desktop\Google Chrome.lnk
[2012/09/26 19:43:22 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 17:59:24 | 000,865,876 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/25 17:59:24 | 000,720,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/25 17:59:24 | 000,145,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/22 15:56:12 | 000,001,533 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/09/20 14:12:38 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/20 14:12:38 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/19 01:28:06 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/11 17:05:30 | 000,121,416 | ---- | M] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 10:04:09 | 000,000,222 | ---- | C] () -- C:\Users\Brandon\Desktop\XCOM Enemy Unknown.url
[2012/10/05 15:56:32 | 000,769,289 | ---- | C] () -- C:\Users\Brandon\Desktop\bookmarks-2012-10-05.json
[2012/10/05 11:29:55 | 000,000,512 | ---- | C] () -- C:\Users\Brandon\Desktop\MBR.dat
[2012/10/03 22:42:38 | 000,513,501 | ---- | C] () -- C:\Users\Brandon\Desktop\adwcleaner.exe
[2012/10/03 16:08:07 | 000,881,724 | ---- | C] () -- C:\Users\Brandon\Desktop\SecurityCheck.exe
[2012/10/03 10:37:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/03 10:37:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/03 10:37:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/03 10:37:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/03 10:37:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/02 11:41:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/02 11:41:40 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/26 19:43:21 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 15:56:12 | 000,001,533 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/09/22 15:56:11 | 000,001,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/09/20 14:12:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 01:28:02 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/09 00:29:11 | 000,001,399 | ---- | C] () -- C:\Users\Public\Desktop\DOW2 - Destroyer40k.lnk
[2012/05/28 18:11:27 | 000,000,249 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/06 16:42:59 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/03/08 23:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/08 23:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/24 18:22:00 | 000,078,634 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\icarus-dxdiag.xml
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/11/16 18:00:56 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeserv.dll
[2011/11/16 18:00:56 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeusb1.dll
[2011/11/16 18:00:56 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecomc.dll
[2011/11/16 18:00:56 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdehbn3.dll
[2011/11/16 18:00:56 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdepmui.dll
[2011/11/16 18:00:56 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecoms.exe
[2011/11/16 18:00:56 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdelmpm.dll
[2011/11/16 18:00:56 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdecomx.dll
[2011/11/16 18:00:56 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecfg.exe
[2011/11/16 18:00:56 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdecomm.dll
[2011/11/16 18:00:56 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeinpa.dll
[2011/11/16 18:00:56 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdeinst.dll
[2011/11/16 18:00:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeiesc.dll
[2011/11/16 18:00:56 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeih.exe
[2011/11/16 18:00:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdeprox.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/08 19:41:44 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/15 23:36:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/15 10:59:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/18 19:16:07 | 000,001,940 | ---- | C] () -- C:\Users\Brandon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/02/06 12:48:19 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2010/12/28 21:33:54 | 000,028,826 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\OFMissionEditorConfig.xml
[2010/11/27 18:31:15 | 000,859,600 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2011/11/28 22:24:22 | 000,000,055 | ---- | M] ()(C:\Users\Brandon\Desktop\Sound Online ????????? ?The Clear Blue Sky? ?????.url) -- C:\Users\Brandon\Desktop\Sound Online オリジナルアルバム 「The Clear Blue Sky」 特設ページ.url
[2011/11/28 22:24:22 | 000,000,055 | ---- | C] ()(C:\Users\Brandon\Desktop\Sound Online ????????? ?The Clear Blue Sky? ?????.url) -- C:\Users\Brandon\Desktop\Sound Online オリジナルアルバム 「The Clear Blue Sky」 特設ページ.url
[2010/11/07 01:23:20 | 000,000,000 | ---D | M](C:\Users\Brandon\Documents\?? ???) -- C:\Users\Brandon\Documents\넥슨 플러그
[2010/11/07 01:23:20 | 000,000,000 | ---D | C](C:\Users\Brandon\Documents\?? ???) -- C:\Users\Brandon\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BEB15613

< End of report >


It's seems after restarting the PC, IE and Firefox are working properly again, no more secruity alert pop ups, or search redirects, so i think it's fixed. I hope what ever caused the problem is no longer on my PC.

Thanks for the help.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:22 AM

Posted 06 October 2012 - 10:05 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2231389576-273949626-629909735-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\vnd.ms.radio - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BEB15613  
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 FangByte

FangByte
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 06 October 2012 - 10:39 PM

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2231389576-273949626-629909735-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio\ deleted successfully.
File Protocol\Handler\vnd.ms.radio - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:BEB15613 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brandon\Desktop\cmd.bat deleted successfully.
C:\Users\Brandon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Brandon
->Java cache emptied: 2499638 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Brandon
->Flash cache emptied: 69049 bytes

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10062012_223700

OTL didn't ask to restart, but IE and Firefox are still running fine.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users