Continually Spammed by Malwarebytes Anti-Malware


  • This topic is locked
17 replies to this topic

#1 Thanatoid

Thanatoid

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 11 May 2013 - 12:31 PM

I am being spammed by the notification bubble saying Malwarebytes Anti-Malware has successfully blocked access to a potentially malicious website 46.249.61.92 (not always the same IP, just the one that was on the bubble as I was typing this), Type: outgoing, Port: 50697 (once again, not always the same port), Process: svchost.exe (always the same process). I have not found a log to post of all the IPs/ports, and they are random.

Any help you are able to provide would be greatly appreciated.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by Christopher Moser at 12:15:08 on 2013-05-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4445 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Christopher Moser\AppData\Local\Apps\2.0\EZCTDMXM.R2M\V91K38NY.1J3\curs..tion_9e9e83ddf3ed3ead_0005.0001_35ab96b41397406c\CurseClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\systeminfo.exe
C:\Windows\system32\find.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\CoIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\CoIEPlg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\CoIEPlg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LogiShrd] regsvr32.exe "C:\Users\Christopher Moser\AppData\Local\LogiShrd\iydivyxk.dll"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
mRun: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
dRun: [Deployment] rundll32 "C:\Users\Christopher Moser\AppData\Local\SCE\Deployment\hkkdourwk.dll",DllRegisterServer
StartupFolder: C:\Users\Christopher Moser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APPROV~1.LNK - C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{8AD248D5-80E5-435F-9F08-A961E2C34261} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs=     
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christopher Moser\AppData\Roaming\Mozilla\Firefox\Profiles\qicu5ppi.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-30 07:02; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF - ExtSQL: 2013-04-30 07:05; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\IPSFFPlgn
FF - ExtSQL: !HIDDEN! 2012-08-22 22:33; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-10 14456]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1403010.016\SymDS64.sys [2013-4-30 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1403010.016\SymEFA64.sys [2013-4-30 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-5-7 1390680]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1403010.016\ccSetx64.sys [2013-4-30 168096]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD03030.013\ccSetx64.sys [2013-4-30 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130510.001\IDSviA64.sys [2013-5-10 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1403010.016\Ironx64.sys [2013-4-30 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1403010.016\symnets.sys [2013-4-30 432800]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-11 701512]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe [2013-4-30 144520]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe [2013-4-30 144520]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-17 138912]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-11 25928]
R3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2013-4-3 74752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-23 19456]
S3 slb;slb;C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [2013-4-28 81880]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-20 1255736]
.
=============== Created Last 30 ================
.
2013-05-11 15:19:16    --------    d-----w-    C:\Program Files (x86)\ESET
2013-05-11 14:41:54    --------    d-----w-    C:\Users\Christopher Moser\AppData\Local\Programs
2013-05-11 14:39:44    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-11 14:39:44    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-10 21:38:17    --------    d-----w-    C:\Users\Christopher Moser\AppData\Roaming\LavasoftStatistics
2013-05-10 21:25:08    --------    d-----w-    C:\ProgramData\Downloaded Installations
2013-05-10 21:25:03    --------    d-----w-    C:\Users\Christopher Moser\AppData\Local\adawarebp
2013-05-10 21:25:02    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
2013-05-10 21:24:56    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
2013-05-10 21:22:01    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-05-09 22:31:09    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 23:46:05    --------    d-----w-    C:\Users\Christopher Moser\AppData\Local\Tukui
2013-05-08 23:45:43    --------    d-----w-    C:\Program Files (x86)\Tukui
2013-05-08 02:44:25    --------    d-----w-    C:\Program Files (x86)\Aeria Games
2013-05-08 02:44:16    --------    d-----w-    C:\Users\Christopher Moser\AppData\Roaming\Aeria Games & Entertainment
2013-05-07 14:04:42    --------    d-----w-    C:\Users\Christopher Moser\AppData\Local\LogiShrd
2013-05-05 02:04:16    --------    d-----w-    C:\Users\Christopher Moser\AppData\Local\Sony Online Entertainment
2013-05-05 01:35:13    --------    d-----w-    C:\ProgramData\StarApp
2013-05-05 01:32:55    --------    d-----w-    C:\ProgramData\continnuetosavve
2013-04-30 12:02:41    168096    ----a-r-    C:\Windows\System32\drivers\NSTx64\7DD03030.013\ccSetx64.sys
2013-04-30 12:02:38    --------    d-----w-    C:\Windows\System32\drivers\NSTx64\7DD03030.013
2013-04-30 12:02:38    --------    d-----w-    C:\Windows\System32\drivers\NSTx64
2013-04-30 12:02:38    --------    d-----w-    C:\Program Files (x86)\Norton Identity Safe
2013-04-30 10:56:46    796248    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\srtsp64.sys
2013-04-30 10:56:46    493656    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\SymDS64.sys
2013-04-30 10:56:46    432800    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\symnets.sys
2013-04-30 10:56:46    36952    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\srtspx64.sys
2013-04-30 10:56:46    23448    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\SymELAM.sys
2013-04-30 10:56:46    224416    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\Ironx64.sys
2013-04-30 10:56:46    168096    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\ccSetx64.sys
2013-04-30 10:56:46    1139800    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403010.016\SymEFA64.sys
2013-04-30 10:56:38    --------    d-----w-    C:\Windows\System32\drivers\NAVx64\1403010.016
2013-04-28 20:15:35    --------    d-----w-    C:\Users\Christopher Moser\AppData\Local\Aeria Games
2013-04-28 20:15:16    --------    d-----w-    C:\ProgramData\Aeria Games
2013-04-28 20:10:50    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2013-04-28 19:47:04    --------    d-----w-    C:\Users\Christopher Moser\AppData\Local\Akamai
2013-04-28 19:47:03    --------    d-----w-    C:\AeriaGames
2013-04-24 00:35:30    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-04-24 00:32:28    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-04-24 00:32:28    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-04-24 00:32:28    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-04-24 00:32:28    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-04-24 00:32:28    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-04-24 00:32:28    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-04-24 00:32:28    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-04-23 22:38:12    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-04-30 10:56:57    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-04-19 02:58:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-19 02:58:17    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-11 14:22:56    770384    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2013-04-03 18:12:06    74752    ----a-w-    C:\Windows\System32\drivers\S3XXx64.sys
2013-03-31 23:32:04    82600    ----a-w-    C:\Windows\System32\drivers\amd_sata.sys
2013-03-31 23:32:04    42664    ----a-w-    C:\Windows\System32\drivers\amd_xata.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-05 16:14:03    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 16:14:03    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:04    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 12:18:56.69 ===============
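
The DDS "Pseudo HJT Report" above is what a malware responder reads entry by entry. As an added example (not code from this thread, from DDS or from Malwarebytes), the following Python pass over constructed sample lines modelled on that report flags the entry types a responder checks first: autostarts that use regsvr32 or rundll32 to load a DLL out of a user's AppData folder, scripts launched from ProgramData, and UAC policy values set to 0. The regexes, the `WEAK_UAC_POLICIES` table and the "someuser" paths are this example's own assumptions; it is a triage aid, not a verdict on any file.

```python
import re
from dataclasses import dataclass

# Constructed sample: DDS "Pseudo HJT Report" lines modelled on the log in
# this thread (username replaced by "someuser"; otherwise the DDS format).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com
uRun: [LogiShrd] regsvr32.exe "C:\Users\someuser\AppData\Local\LogiShrd\iydivyxk.dll"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
dRun: [Deployment] rundll32 "C:\Users\someuser\AppData\Local\SCE\Deployment\hkkdourwk.dll",DllRegisterServer
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
"""

# DDS prefixes: uRun = HKCU, mRun = HKLM, dRun = default user hive, x64-Run = 64-bit view.
RUN_RE = re.compile(r"^(?P<hive>u|m|d|x64-)Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-System:\s+(?P<key>\w+)\s+=\s+dword:(?P<val>\d+)$")

# Heuristics (this example's own, not DDS rules): a signed Windows host binary
# loading a DLL from inside a user profile, or a script run from ProgramData,
# is where a responder looks first.
LOLBIN_RE = re.compile(r"\b(regsvr32|rundll32)(\.exe)?\b", re.IGNORECASE)
USER_APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SCRIPT_IN_PROGRAMDATA_RE = re.compile(r"\\ProgramData\\.*\.(bat|cmd|vbs|js)\b", re.IGNORECASE)

# UAC policy values that weaken the elevation boundary: key -> (weak value, meaning).
WEAK_UAC_POLICIES = {
    "EnableLUA": (0, "UAC is disabled, so an admin user's processes run elevated without any prompt"),
    "ConsentPromptBehaviorAdmin": (0, "UAC elevates admin users silently (no consent prompt)"),
    "PromptOnSecureDesktop": (0, "UAC prompts are not shown on the secure desktop"),
}


@dataclass(frozen=True)
class Finding:
    line: str    # the DDS line that triggered the finding
    reason: str  # why a responder should look at it


def triage_dds(report: str) -> list[Finding]:
    """Return the DDS report lines a malware responder would review first."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        run = RUN_RE.match(line)
        if run:
            cmd = run.group("cmd")
            if LOLBIN_RE.search(cmd) and USER_APPDATA_RE.search(cmd):
                findings.append(Finding(line, "autostart uses regsvr32/rundll32 to load a DLL from a user AppData path"))
            elif SCRIPT_IN_PROGRAMDATA_RE.search(cmd):
                findings.append(Finding(line, "autostart runs a script out of ProgramData"))
            continue
        policy = POLICY_RE.match(line)
        if policy:
            key, val = policy.group("key"), int(policy.group("val"))
            weak = WEAK_UAC_POLICIES.get(key)
            if weak and val == weak[0]:
                findings.append(Finding(line, "UAC weakened: " + weak[1]))
    return findings


def format_report(findings: list[Finding]) -> str:
    """Render findings as a short triage list for a forum reply or ticket."""
    if not findings:
        return "No autostart or UAC entries flagged."
    return "\n".join(f"[{i}] {f.reason}\n    {f.line}" for i, f in enumerate(findings, 1))


if __name__ == "__main__":
    print(format_report(triage_dds(SAMPLE_LOG)))
```

Pasting the real DDS report into `triage_dds` in place of `SAMPLE_LOG` gives the same kind of shortlist; entries it does not flag still need the responder's manual review.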

#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:38 AM

Posted 11 May 2013 - 08:23 PM


Hello and welcome.  Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean! 
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 


Edited by RPMcMurphy, 11 May 2013 - 08:24 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 Thanatoid

Thanatoid
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 11 May 2013 - 09:14 PM

Thanks for the speedy reply, especially for a free service and forum. I appreciate the assistance. Here are the logs requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01
Ran by Christopher Moser (administrator) on 11-05-2013 21:05:11
Running from C:\Users\Christopher Moser\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Logitech©) C:\Program Files (x86)\Logitech\G930\G930.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Curse) C:\Users\Christopher Moser\AppData\Local\Apps\2.0\EZCTDMXM.R2M\V91K38NY.1J3\curs..tion_9e9e83ddf3ed3ead_0005.0001_35ab96b41397406c\CurseClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Christopher Moser\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: []  [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [LogiShrd] regsvr32.exe "C:\Users\Christopher Moser\AppData\Local\LogiShrd\iydivyxk.dll" [762368 2013-05-07] (CANON INC.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe [1516888 2011-03-23] (Logitech©)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Christopher Moser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Christopher Moser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCtA0C0D0DtAtBzyyD0DtN0D0Tzu0CtBtAtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=375962120
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCtA0C0D0DtAtBzyyD0DtN0D0Tzu0CtBtAtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=375962120
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A0E61AB5-4E2E-4F5B-8020-773EDBCD67BE} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287375&CUI=UN41663991032792722&UM=2
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Christopher Moser\AppData\Roaming\Mozilla\Firefox\Profiles\qicu5ppi.default
FF Homepage: www.msn.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Purple Fox - C:\Users\Christopher Moser\AppData\Roaming\Mozilla\Firefox\Profiles\qicu5ppi.default\Extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
FF Extension: Office2007Black - C:\Users\Christopher Moser\AppData\Roaming\Mozilla\Firefox\Profiles\qicu5ppi.default\Extensions\Office2007Black@JBBS.xpi
FF Extension: No Name - C:\Users\Christopher Moser\AppData\Roaming\Mozilla\Firefox\Profiles\qicu5ppi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

Chrome:
=======
CHR Extension: (continnuetosavve) - C:\Users\Christopher Moser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjglpeefoapjpnimgjjdonofbldmfhp\1

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\diMaster.dll [554288 2013-03-29] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-17] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130510.001\IDSvia64.sys [513184 2013-04-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130510.022\ENG64.SYS [126192 2013-04-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130510.022\EX64.SYS [2087664 2013-04-29] (Symantec Corporation)
R3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [74752 2013-04-03] (Identive)
S3 slb; C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [81880 2013-04-28] ()
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-04-30] (Symantec Corporation)
R1 ccSet_NAV; \SystemRoot\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [x]
R1 ccSet_NST; \SystemRoot\system32\drivers\NSTx64\7DD03030.013\ccSetx64.sys [x]
R0 gfibto; system32\drivers\gfibto.sys [x]
R3 SRTSP; \SystemRoot\System32\Drivers\NAVx64\1403010.016\SRTSP64.SYS [x]
R1 SRTSPX; \SystemRoot\system32\drivers\NAVx64\1403010.016\SRTSPX64.SYS [x]
R0 SymDS; system32\drivers\NAVx64\1403010.016\SYMDS64.SYS [x]
R0 SymEFA; system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [x]
R1 SymIRON; \SystemRoot\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [x]
R1 SymNetS; \SystemRoot\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-11 21:04 - 2013-05-11 21:04 - 01875978 ____A (Farbar) C:\Users\Christopher Moser\Desktop\FRST64.exe
2013-05-11 21:04 - 2013-05-11 21:04 - 00000000 ____D C:\FRST
2013-05-11 10:21 - 2013-05-11 12:15 - 00000000 ____D C:\Users\Christopher Moser\Desktop\Clean Computer
2013-05-11 10:19 - 2013-05-11 10:19 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-11 09:39 - 2013-05-11 10:06 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-11 09:39 - 2013-05-11 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-11 09:39 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-10 19:53 - 2013-05-10 19:53 - 00002683 ____A C:\Users\Christopher Moser\Downloads\Tukui_ImprovedCurrency.zip
2013-05-10 16:38 - 2013-05-10 16:38 - 00000968 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-05-10 16:38 - 2013-05-10 16:38 - 00000000 ____D C:\Users\Christopher Moser\AppData\Roaming\LavasoftStatistics
2013-05-10 16:25 - 2013-05-10 16:25 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\adawarebp
2013-05-10 16:25 - 2013-05-10 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-10 16:25 - 2013-05-10 16:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-05-10 16:24 - 2013-05-10 16:24 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-05-10 16:22 - 2013-05-10 16:22 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-05-10 16:21 - 2013-05-10 16:21 - 05577352 ____A (Lavasoft Limited) C:\Users\Christopher Moser\Downloads\Adaware_Installer.exe
2013-05-09 17:31 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-09 17:31 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-09 17:31 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-09 17:30 - 2013-05-09 17:31 - 00003990 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-08 18:46 - 2013-05-08 18:46 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Tukui
2013-05-08 18:45 - 2013-05-08 18:45 - 01290451 ____A C:\Users\Christopher Moser\Downloads\tc2240.zip
2013-05-08 18:45 - 2013-05-08 18:45 - 00002573 ____A C:\Users\Public\Desktop\Tukui Client.lnk
2013-05-08 18:45 - 2013-05-08 18:45 - 00000000 ____D C:\Program Files (x86)\Tukui
2013-05-07 21:44 - 2013-05-07 21:44 - 00000000 ____D C:\Users\Christopher Moser\AppData\Roaming\Aeria Games & Entertainment
2013-05-07 21:44 - 2013-05-07 21:44 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-05-07 09:04 - 2013-05-09 17:27 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\LogiShrd
2013-05-04 21:15 - 2013-05-04 21:16 - 00000000 ____D C:\Users\Christopher Moser\AppData\Roaming\Notepad++
2013-05-04 21:15 - 2013-05-04 21:16 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-05-04 21:04 - 2013-05-04 21:04 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Sony Online Entertainment
2013-05-04 20:35 - 2013-05-04 20:35 - 00000000 ____D C:\ProgramData\StarApp
2013-05-04 20:32 - 2013-05-04 20:32 - 00000000 ____D C:\ProgramData\continnuetosavve
2013-05-02 22:19 - 2013-05-02 22:19 - 00018084 ____A C:\Users\Christopher Moser\Downloads\ElvUI_DTBars.zip
2013-05-02 19:26 - 2013-05-02 19:26 - 00039698 ____A C:\Users\Christopher Moser\Downloads\Tukui_ElvUI_PetBattleHUD-1.16.zip
2013-05-02 07:57 - 2013-05-02 07:57 - 02246768 ____A C:\Users\Christopher Moser\Downloads\elvui-5.99.zip
2013-04-30 07:02 - 2013-04-30 07:02 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2013-04-30 07:02 - 2013-04-30 07:02 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2013-04-30 00:56 - 2013-04-30 00:56 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-04-28 15:15 - 2013-04-28 15:15 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Aeria Games
2013-04-28 15:15 - 2013-04-28 15:15 - 00000000 ____D C:\ProgramData\Aeria Games
2013-04-28 15:10 - 2013-05-07 21:44 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-04-28 14:47 - 2013-04-28 15:10 - 00000000 ____D C:\AeriaGames
2013-04-28 14:47 - 2013-04-28 14:47 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Akamai
2013-04-28 14:46 - 2013-04-28 14:46 - 00551448 ____A (Aeria Games & Entertainment) C:\Users\Christopher Moser\Downloads\scarletblade_us_downloader.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-23 19:37 - 2013-04-23 19:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-23 19:37 - 2013-04-23 19:37 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-23 19:37 - 2013-04-23 19:37 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-23 19:37 - 2013-04-23 19:37 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-23 19:37 - 2013-04-23 19:37 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-23 19:37 - 2013-04-23 19:37 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-23 19:37 - 2013-04-23 19:37 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-23 19:37 - 2013-04-23 19:37 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-23 19:37 - 2013-04-23 19:37 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-23 19:37 - 2013-04-23 19:37 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-23 19:35 - 2013-04-23 19:39 - 00007187 ____A C:\Windows\IE10_main.log
2013-04-23 19:35 - 2012-08-23 09:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-04-23 19:35 - 2012-08-23 09:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-04-23 19:35 - 2012-08-23 09:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-04-23 19:35 - 2012-08-23 09:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-04-23 19:35 - 2012-08-23 08:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-04-23 19:35 - 2012-08-23 08:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-04-23 19:35 - 2012-08-23 08:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-23 19:35 - 2012-08-23 08:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-23 19:35 - 2012-08-23 08:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-04-23 19:35 - 2012-08-23 08:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-04-23 19:35 - 2012-08-23 08:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-23 19:35 - 2012-08-23 08:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-04-23 19:35 - 2012-08-23 08:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-04-23 19:35 - 2012-08-23 07:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-23 19:35 - 2012-08-23 06:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-04-23 19:35 - 2012-08-23 06:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-23 19:35 - 2012-08-23 06:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-04-23 19:35 - 2012-08-23 06:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-04-23 19:35 - 2012-08-23 05:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-23 19:35 - 2012-08-23 05:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-04-23 19:35 - 2012-08-23 05:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-04-23 19:35 - 2012-08-23 05:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-04-23 19:35 - 2012-08-23 04:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-04-23 19:35 - 2012-08-23 03:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-23 19:35 - 2012-08-23 03:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-23 19:34 - 2013-04-23 19:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-04-23 19:32 - 2012-08-24 13:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-04-23 19:32 - 2012-08-24 13:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-04-23 19:32 - 2012-08-24 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-04-23 19:32 - 2012-08-24 13:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-04-23 19:32 - 2012-08-24 11:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-04-23 19:32 - 2012-08-24 11:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-04-23 19:32 - 2012-08-24 11:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-04-23 17:38 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 18:01 - 2013-05-11 09:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-05-11 21:04 - 2013-05-11 21:04 - 01875978 ____A (Farbar) C:\Users\Christopher Moser\Desktop\FRST64.exe
2013-05-11 21:04 - 2013-05-11 21:04 - 00000000 ____D C:\FRST
2013-05-11 21:01 - 2012-08-20 23:25 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Deployment
2013-05-11 20:07 - 2012-08-20 13:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-11 12:23 - 2009-07-13 23:45 - 00022912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-11 12:23 - 2009-07-13 23:45 - 00022912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-11 12:21 - 2009-07-14 00:13 - 00783334 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-11 12:15 - 2013-05-11 10:21 - 00000000 ____D C:\Users\Christopher Moser\Desktop\Clean Computer
2013-05-11 12:14 - 2012-08-20 18:54 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-05-11 12:14 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-11 12:14 - 2009-07-13 23:51 - 00044120 ____A C:\Windows\setupact.log
2013-05-11 12:13 - 2012-08-20 11:17 - 01237426 ____A C:\Windows\WindowsUpdate.log
2013-05-11 11:54 - 2012-08-20 19:24 - 00000000 ___HD C:\Users\Christopher Moser\.frostwire5
2013-05-11 11:46 - 2012-08-20 19:23 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2013-05-11 10:19 - 2013-05-11 10:19 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-11 10:06 - 2013-05-11 09:39 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-11 10:06 - 2013-05-11 09:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-11 09:50 - 2013-04-11 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-11 09:50 - 2010-11-20 22:47 - 00051994 ____A C:\Windows\PFRO.log
2013-05-10 19:53 - 2013-05-10 19:53 - 00002683 ____A C:\Users\Christopher Moser\Downloads\Tukui_ImprovedCurrency.zip
2013-05-10 18:29 - 2012-08-20 09:18 - 00000000 ____D C:\users\Christopher Moser
2013-05-10 16:38 - 2013-05-10 16:38 - 00000968 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-05-10 16:38 - 2013-05-10 16:38 - 00000000 ____D C:\Users\Christopher Moser\AppData\Roaming\LavasoftStatistics
2013-05-10 16:25 - 2013-05-10 16:25 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\adawarebp
2013-05-10 16:25 - 2013-05-10 16:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-05-10 16:25 - 2013-05-10 16:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-05-10 16:24 - 2013-05-10 16:24 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-05-10 16:22 - 2013-05-10 16:22 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-05-10 16:21 - 2013-05-10 16:21 - 05577352 ____A (Lavasoft Limited) C:\Users\Christopher Moser\Downloads\Adaware_Installer.exe
2013-05-10 15:54 - 2009-07-14 00:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-09 23:14 - 2012-08-20 23:23 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\CrashDumps
2013-05-09 17:31 - 2013-05-09 17:30 - 00003990 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-05-09 17:31 - 2013-03-05 11:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-09 17:27 - 2013-05-07 09:04 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\LogiShrd
2013-05-08 18:46 - 2013-05-08 18:46 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Tukui
2013-05-08 18:45 - 2013-05-08 18:45 - 01290451 ____A C:\Users\Christopher Moser\Downloads\tc2240.zip
2013-05-08 18:45 - 2013-05-08 18:45 - 00002573 ____A C:\Users\Public\Desktop\Tukui Client.lnk
2013-05-08 18:45 - 2013-05-08 18:45 - 00000000 ____D C:\Program Files (x86)\Tukui
2013-05-08 18:45 - 2013-02-15 22:48 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Downloaded Installations
2013-05-07 21:44 - 2013-05-07 21:44 - 00000000 ____D C:\Users\Christopher Moser\AppData\Roaming\Aeria Games & Entertainment
2013-05-07 21:44 - 2013-05-07 21:44 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-05-07 21:44 - 2013-04-28 15:10 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-07 09:04 - 2013-02-24 15:10 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\SCE
2013-05-05 12:22 - 2012-09-02 19:33 - 00777058 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-04 21:16 - 2013-05-04 21:15 - 00000000 ____D C:\Users\Christopher Moser\AppData\Roaming\Notepad++
2013-05-04 21:16 - 2013-05-04 21:15 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-05-04 21:04 - 2013-05-04 21:04 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Sony Online Entertainment
2013-05-04 20:35 - 2013-05-04 20:35 - 00000000 ____D C:\ProgramData\StarApp
2013-05-04 20:32 - 2013-05-04 20:32 - 00000000 ____D C:\ProgramData\continnuetosavve
2013-05-03 18:06 - 2012-08-20 23:43 - 00000000 ____D C:\Users\Christopher Moser\Documents\Outlook Files
2013-05-02 22:19 - 2013-05-02 22:19 - 00018084 ____A C:\Users\Christopher Moser\Downloads\ElvUI_DTBars.zip
2013-05-02 19:26 - 2013-05-02 19:26 - 00039698 ____A C:\Users\Christopher Moser\Downloads\Tukui_ElvUI_PetBattleHUD-1.16.zip
2013-05-02 07:57 - 2013-05-02 07:57 - 02246768 ____A C:\Users\Christopher Moser\Downloads\elvui-5.99.zip
2013-04-30 07:03 - 2012-08-20 13:51 - 00000000 ____D C:\ProgramData\Norton
2013-04-30 07:02 - 2013-04-30 07:02 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2013-04-30 07:02 - 2013-04-30 07:02 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2013-04-30 07:02 - 2012-08-20 13:51 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64
2013-04-30 05:56 - 2012-08-20 13:51 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-04-30 05:56 - 2012-08-20 13:51 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-04-30 05:56 - 2012-08-20 13:51 - 00000000 ____D C:\Program Files\Symantec
2013-04-30 00:56 - 2013-04-30 00:56 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-04-28 15:15 - 2013-04-28 15:15 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Aeria Games
2013-04-28 15:15 - 2013-04-28 15:15 - 00000000 ____D C:\ProgramData\Aeria Games
2013-04-28 15:14 - 2013-02-24 15:08 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-04-28 15:14 - 2013-02-24 15:07 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-04-28 15:10 - 2013-04-28 14:47 - 00000000 ____D C:\AeriaGames
2013-04-28 14:47 - 2013-04-28 14:47 - 00000000 ____D C:\Users\Christopher Moser\AppData\Local\Akamai
2013-04-28 14:46 - 2013-04-28 14:46 - 00551448 ____A (Aeria Games & Entertainment) C:\Users\Christopher Moser\Downloads\scarletblade_us_downloader.exe
2013-04-24 00:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-04-23 19:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-23 19:39 - 2013-04-23 19:35 - 00007187 ____A C:\Windows\IE10_main.log
2013-04-23 19:37 - 2013-04-23 19:37 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-23 19:37 - 2013-04-23 19:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-23 19:37 - 2013-04-23 19:37 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-23 19:37 - 2013-04-23 19:37 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-23 19:37 - 2013-04-23 19:37 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-23 19:37 - 2013-04-23 19:37 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-23 19:37 - 2013-04-23 19:37 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-23 19:37 - 2013-04-23 19:37 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-23 19:37 - 2013-04-23 19:37 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-23 19:37 - 2013-04-23 19:37 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-23 19:37 - 2013-04-23 19:37 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-23 19:37 - 2013-04-23 19:37 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-23 19:37 - 2013-04-23 19:37 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-23 19:34 - 2013-04-23 19:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-04-18 21:59 - 2012-08-20 13:46 - 00000000 ____D C:\ProgramData\Adobe
2013-04-18 21:58 - 2012-08-20 13:47 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-18 21:58 - 2012-08-20 13:47 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-14 10:25 - 2012-09-09 11:50 - 00000000 ____D C:\Program Files (x86)\PlayerScore
2013-04-14 10:21 - 2012-08-20 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-12 09:45 - 2013-04-23 17:38 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 09:22 - 2011-01-07 15:39 - 00770384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-04-11 09:22 - 2011-01-07 15:39 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll

Other Malware:
===========
C:\ProgramData\uninstaller.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-04 00:55

==================== End Of Log ============================



Edited by Thanatoid, 11 May 2013 - 09:16 PM.


#4 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 12 May 2013 - 10:46 AM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

C:\ProgramData\uninstaller.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Please include the following in your next post:

  • fixlog.txt log
  • MBAR log

 


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 Thanatoid (Topic Starter, Members, 9 posts)

Posted 12 May 2013 - 12:27 PM

Completed the required tasks and it's looking better so far; the notifications were spamming me about 1 every 3-5 secs and I haven't seen another one after the cleanup. Posting logs for your review.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2013 01
Ran by Christopher Moser at 2013-05-12 11:52:08 Run:1
Running from C:\Users\Christopher Moser\Desktop
Boot Mode: Normal
==============================================

C:\ProgramData\uninstaller.exe => Moved successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Christopher Moser :: CHRISTOPHERMOSE [administrator]

5/12/2013 12:03:24 PM
mbar-log-2013-05-12 (12-03-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30904
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit MBR Infection) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_1953524908_user.mbam (Forged physical sector) -> Delete on reboot.

(end)
 

 

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Christopher Moser :: CHRISTOPHERMOSE [administrator]

5/12/2013 12:21:04 PM
mbar-log-2013-05-12 (12-21-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30886
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Edited by Thanatoid, 12 May 2013 - 12:28 PM.


#6 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 12 May 2013 - 03:38 PM

Please do this next:

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • AdwCleaner log
  • JRT log
  • ESET log
  • How is the computer running?




#7 Thanatoid (Topic Starter, Members, 9 posts)

Posted 12 May 2013 - 05:42 PM

Ok, ran the new scans. The computer seems to be better although I am now getting Malwarebytes notifications saying "Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 109.236.82.107 (not always same IP, just the one that was on bubble as typing this) Type: outgoing Port: 9872 (once again not always same port), Process: iexplore.exe (always same process)." They are not as frequent as when we started but still a pretty steady stream of notifications. Seems to change the process from svchost.exe to iexplore.exe. Posting logs for your review.

 

# AdwCleaner v2.300 - Logfile created 05/12/2013 at 15:59:43
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Christopher Moser - CHRISTOPHERMOSE
# Boot Mode : Normal
# Running from : C:\Users\Christopher Moser\Desktop\Clean Computer\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Christopher Moser\AppData\Roaming\Mozilla\Firefox\Profiles\qicu5ppi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Christopher Moser\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S5].txt - [893 octets] - [12/05/2013 15:59:43]

########## EOF - C:\AdwCleaner[S5].txt - [952 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Christopher Moser on Sun 05/12/2013 at 16:03:09.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-279938351-3769433634-3789001282-1000\software\web assistant"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A0E61AB5-4E2E-4F5B-8020-773EDBCD67BE}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Christopher Moser\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Christopher Moser\AppData\Roaming\mozilla\firefox\profiles\qicu5ppi.default\prefs.js

user_pref("browser.search.defaultenginename", "SecureSearch");
Emptied folder: C:\Users\Christopher Moser\AppData\Roaming\mozilla\firefox\profiles\qicu5ppi.default\minidumps [189 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/12/2013 at 16:11:09.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ESET found no threats therefore no log was generated for me to publish for your review.


Edited by Thanatoid, 12 May 2013 - 05:44 PM.
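Turning the notification text quoted in this thread into something reviewable, as an added example that is not code from the thread or from any Malwarebytes tool: it parses bubble lines in the wording the OP quoted (with a constructed timestamp prefix, since the bubble itself carries none), groups the blocks per process, and maps each pattern to the kind of cleanup step the thread goes through. The sample lines, the SYSTEM_PROCESSES set and the thresholds in triage() are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Wording of the Malwarebytes notification bubble quoted in this thread,
# with a constructed "YYYY-mm-dd HH:MM:SS" prefix so that cadence can be computed.
BUBBLE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"Malwarebytes Anti-Malware has Successfully blocked access to a potentially "
    r"malicious website (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"Type: (?P<direction>\w+) Port: (?P<port>\d+), Process: (?P<process>\S+)$"
)

# Processes whose outbound traffic should not normally be blocked at all.
# A system service beaconing to changing IPs is a stronger signal than a
# browser doing the same (assumption for this example, not a tool setting).
SYSTEM_PROCESSES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe"}

# Constructed sample, not from the original post: the two IP/port pairs the
# OP quoted plus made-up neighbours to mimic "not always the same IP / port".
SAMPLE_BUBBLES = """\
2013-05-12 11:40:01 Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 46.249.61.92 Type: outgoing Port: 50697, Process: svchost.exe
2013-05-12 11:40:05 Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 46.249.61.93 Type: outgoing Port: 50702, Process: svchost.exe
2013-05-12 11:40:08 Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 46.249.61.92 Type: outgoing Port: 50715, Process: svchost.exe
2013-05-12 11:40:12 Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 46.249.61.94 Type: outgoing Port: 50730, Process: svchost.exe
this line is not a notification and must be ignored
2013-05-12 17:30:00 Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 109.236.82.107 Type: outgoing Port: 9872, Process: iexplore.exe
2013-05-12 17:31:10 Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 109.236.82.107 Type: outgoing Port: 9901, Process: iexplore.exe
"""


def parse_bubbles(text):
    """Return one dict per recognised notification; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BUBBLE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "ip": m.group("ip"),
            "direction": m.group("direction"),
            "port": int(m.group("port")),
            "process": m.group("process"),
        })
    return events


def summarize(events):
    """Aggregate blocks per process: volume, spread of IPs/ports, and cadence."""
    per_proc = defaultdict(list)
    for ev in events:
        per_proc[ev["process"]].append(ev)
    summary = {}
    for proc, evs in per_proc.items():
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        summary[proc] = {
            "blocks": len(evs),
            "unique_ips": sorted({e["ip"] for e in evs}),
            "unique_ports": len({e["port"] for e in evs}),
            "median_gap_s": median(gaps) if gaps else None,
            "outgoing_only": all(e["direction"].lower() == "outgoing" for e in evs),
        }
    return summary


def triage(summary):
    """Map each per-process summary to the kind of follow-up the thread uses.

    Heuristic (an assumption for this example): repeated outgoing blocks to
    several IPs within seconds from a system process point at something
    hiding inside a service, so a rootkit-level scan comes first; the same
    pattern from a browser points at hijacked browser settings or add-ons.
    """
    verdicts = {}
    for proc, s in summary.items():
        rapid = s["median_gap_s"] is not None and s["median_gap_s"] <= 10
        spread = len(s["unique_ips"]) >= 3
        if proc.lower() in SYSTEM_PROCESSES and (rapid or spread):
            verdicts[proc] = "system-process beaconing: run a rootkit/MBR scan first"
        elif proc.lower() in SYSTEM_PROCESSES:
            verdicts[proc] = "system-process block: collect more events before acting"
        else:
            verdicts[proc] = "user-process blocks: review browser add-ons and search settings"
    return verdicts


if __name__ == "__main__":
    for proc, verdict in triage(summarize(parse_bubbles(SAMPLE_BUBBLES))).items():
        print(f"{proc}: {verdict}")
```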


#8 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 12 May 2013 - 09:02 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Please include the following in your next post:
  • TDSSKiller log




#9 Thanatoid (Topic Starter, Members, 9 posts)

Posted 12 May 2013 - 09:23 PM

Ran the TDSSKiller program - No Malicious Objects found. Still receiving "Malwarebytes Anti-Malware has Successfully blocked access to a potentially malicious website 109.236.82.107 (not always same IP, just the one that was on bubble as typing this) Type: outgoing Port: 9872 (once again not always same port), Process: iexplore.exe (always same process)."

 

 

21:20:49.0766 12864  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:20:50.0280 12864  ============================================================
21:20:50.0280 12864  Current date / time: 2013/05/12 21:20:50.0280
21:20:50.0280 12864  SystemInfo:
21:20:50.0280 12864  
21:20:50.0280 12864  OS Version: 6.1.7601 ServicePack: 1.0
21:20:50.0280 12864  Product type: Workstation
21:20:50.0280 12864  ComputerName: CHRISTOPHERMOSE
21:20:50.0280 12864  UserName: Christopher Moser
21:20:50.0280 12864  Windows directory: C:\Windows
21:20:50.0280 12864  System windows directory: C:\Windows
21:20:50.0280 12864  Running under WOW64
21:20:50.0280 12864  Processor architecture: Intel x64
21:20:50.0280 12864  Number of processors: 4
21:20:50.0280 12864  Page size: 0x1000
21:20:50.0280 12864  Boot type: Normal boot
21:20:50.0280 12864  ============================================================
21:20:50.0873 12864  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:50.0920 12864  ============================================================
21:20:50.0920 12864  \Device\Harddisk0\DR0:
21:20:50.0920 12864  MBR partitions:
21:20:50.0920 12864  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:20:50.0920 12864  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:20:50.0920 12864  ============================================================
21:20:50.0936 12864  C: <-> \Device\Harddisk0\DR0\Partition2
21:20:50.0936 12864  ============================================================
21:20:50.0936 12864  Initialize success
21:20:50.0936 12864  ============================================================
21:21:23.0259 16188  ============================================================
21:21:23.0259 16188  Scan started
21:21:23.0259 16188  Mode: Manual; TDLFS;
21:21:23.0259 16188  ============================================================
21:21:23.0555 16188  ================ Scan system memory ========================
21:21:23.0555 16188  System memory - ok
21:21:23.0555 16188  ================ Scan services =============================
21:21:23.0649 16188  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:21:23.0649 16188  1394ohci - ok
21:21:23.0696 16188  [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
21:21:23.0696 16188  ac.sharedstore - ok
21:21:23.0711 16188  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:21:23.0711 16188  ACPI - ok
21:21:23.0727 16188  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:21:23.0727 16188  AcpiPmi - ok
21:21:23.0805 16188  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:21:23.0820 16188  AdobeARMservice - ok
21:21:23.0898 16188  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:21:23.0898 16188  AdobeFlashPlayerUpdateSvc - ok
21:21:23.0930 16188  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:21:23.0945 16188  adp94xx - ok
21:21:23.0976 16188  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:21:23.0976 16188  adpahci - ok
21:21:23.0992 16188  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:21:23.0992 16188  adpu320 - ok
21:21:24.0023 16188  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:21:24.0023 16188  AeLookupSvc - ok
21:21:24.0054 16188  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:21:24.0070 16188  AFD - ok
21:21:24.0086 16188  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:21:24.0086 16188  agp440 - ok
21:21:24.0101 16188  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:21:24.0101 16188  ALG - ok
21:21:24.0117 16188  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:21:24.0117 16188  aliide - ok
21:21:24.0132 16188  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:21:24.0148 16188  AMD External Events Utility - ok
21:21:24.0164 16188  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:21:24.0164 16188  amdide - ok
21:21:24.0179 16188  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:21:24.0179 16188  AmdK8 - ok
21:21:24.0288 16188  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:21:24.0382 16188  amdkmdag - ok
21:21:24.0398 16188  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:21:24.0398 16188  amdkmdap - ok
21:21:24.0429 16188  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:21:24.0429 16188  AmdPPM - ok
21:21:24.0429 16188  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:21:24.0444 16188  amdsata - ok
21:21:24.0460 16188  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:21:24.0460 16188  amdsbs - ok
21:21:24.0476 16188  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:21:24.0476 16188  amdxata - ok
21:21:24.0507 16188  [ 352476C98EF3952563A14F767491BBA9 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
21:21:24.0507 16188  amd_sata - ok
21:21:24.0522 16188  [ F4805C309FE48D6939147FE5CCDB1AD4 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
21:21:24.0522 16188  amd_xata - ok
21:21:24.0538 16188  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:21:24.0554 16188  AppID - ok
21:21:24.0569 16188  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:21:24.0569 16188  AppIDSvc - ok
21:21:24.0585 16188  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:21:24.0585 16188  Appinfo - ok
21:21:24.0632 16188  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:21:24.0632 16188  Apple Mobile Device - ok
21:21:24.0663 16188  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:21:24.0663 16188  arc - ok
21:21:24.0710 16188  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:21:24.0710 16188  arcsas - ok
21:21:24.0788 16188  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:21:24.0788 16188  aspnet_state - ok
21:21:24.0819 16188  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:21:24.0819 16188  AsyncMac - ok
21:21:24.0834 16188  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:21:24.0834 16188  atapi - ok
21:21:24.0866 16188  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:21:24.0881 16188  AudioEndpointBuilder - ok
21:21:24.0897 16188  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:21:24.0897 16188  AudioSrv - ok
21:21:24.0928 16188  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:21:24.0928 16188  AxInstSV - ok
21:21:24.0944 16188  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:21:24.0959 16188  b06bdrv - ok
21:21:24.0975 16188  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:21:24.0990 16188  b57nd60a - ok
21:21:25.0006 16188  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:21:25.0006 16188  BDESVC - ok
21:21:25.0022 16188  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:21:25.0022 16188  Beep - ok
21:21:25.0037 16188  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:21:25.0053 16188  BFE - ok
21:21:25.0193 16188  [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130502.001\BHDrvx64.sys
21:21:25.0224 16188  BHDrvx64 - ok
21:21:25.0271 16188  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:21:25.0287 16188  BITS - ok
21:21:25.0287 16188  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:21:25.0287 16188  blbdrive - ok
21:21:25.0318 16188  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:21:25.0318 16188  Bonjour Service - ok
21:21:25.0334 16188  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:21:25.0334 16188  bowser - ok
21:21:25.0349 16188  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:21:25.0349 16188  BrFiltLo - ok
21:21:25.0365 16188  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:21:25.0365 16188  BrFiltUp - ok
21:21:25.0396 16188  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:21:25.0396 16188  Browser - ok
21:21:25.0412 16188  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:21:25.0412 16188  Brserid - ok
21:21:25.0427 16188  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:21:25.0427 16188  BrSerWdm - ok
21:21:25.0443 16188  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:21:25.0443 16188  BrUsbMdm - ok
21:21:25.0443 16188  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:21:25.0443 16188  BrUsbSer - ok
21:21:25.0474 16188  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:21:25.0474 16188  BTHMODEM - ok
21:21:25.0474 16188  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:21:25.0490 16188  bthserv - ok
21:21:25.0552 16188  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NAV       C:\Windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys
21:21:25.0552 16188  ccSet_NAV - ok
21:21:25.0599 16188  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NST       C:\Windows\system32\drivers\NSTx64\7DD03030.013\ccSetx64.sys
21:21:25.0614 16188  ccSet_NST - ok
21:21:25.0630 16188  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:21:25.0630 16188  cdfs - ok
21:21:25.0661 16188  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:21:25.0661 16188  cdrom - ok
21:21:25.0677 16188  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:21:25.0677 16188  CertPropSvc - ok
21:21:25.0692 16188  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:21:25.0692 16188  circlass - ok
21:21:25.0708 16188  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:21:25.0708 16188  CLFS - ok
21:21:25.0755 16188  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:21:25.0755 16188  clr_optimization_v2.0.50727_32 - ok
21:21:25.0786 16188  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:21:25.0786 16188  clr_optimization_v2.0.50727_64 - ok
21:21:25.0833 16188  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:21:25.0833 16188  clr_optimization_v4.0.30319_32 - ok
21:21:25.0833 16188  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:21:25.0848 16188  clr_optimization_v4.0.30319_64 - ok
21:21:25.0864 16188  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:21:25.0864 16188  CmBatt - ok
21:21:25.0880 16188  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:21:25.0880 16188  cmdide - ok
21:21:25.0911 16188  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:21:25.0926 16188  CNG - ok
21:21:25.0958 16188  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:21:25.0958 16188  Compbatt - ok
21:21:25.0973 16188  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:21:25.0973 16188  CompositeBus - ok
21:21:25.0973 16188  COMSysApp - ok
21:21:26.0004 16188  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:21:26.0004 16188  crcdisk - ok
21:21:26.0036 16188  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:21:26.0036 16188  CryptSvc - ok
21:21:26.0067 16188  [ BA25D4B9B067248F7CAC416E855D706B ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
21:21:26.0067 16188  dc3d - ok
21:21:26.0098 16188  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:21:26.0114 16188  DcomLaunch - ok
21:21:26.0129 16188  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:21:26.0145 16188  defragsvc - ok
21:21:26.0160 16188  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:21:26.0160 16188  DfsC - ok
21:21:26.0176 16188  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:21:26.0176 16188  Dhcp - ok
21:21:26.0192 16188  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:21:26.0192 16188  discache - ok
21:21:26.0207 16188  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:21:26.0207 16188  Disk - ok
21:21:26.0223 16188  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:21:26.0238 16188  Dnscache - ok
21:21:26.0270 16188  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
21:21:26.0270 16188  DockLoginService - ok
21:21:26.0285 16188  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:21:26.0301 16188  dot3svc - ok
21:21:26.0332 16188  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:21:26.0332 16188  Dot4 - ok
21:21:26.0363 16188  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:21:26.0363 16188  Dot4Print - ok
21:21:26.0379 16188  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:21:26.0379 16188  dot4usb - ok
21:21:26.0394 16188  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:21:26.0394 16188  DPS - ok
21:21:26.0426 16188  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:21:26.0426 16188  drmkaud - ok
21:21:26.0457 16188  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:21:26.0472 16188  DXGKrnl - ok
21:21:26.0488 16188  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:21:26.0488 16188  EapHost - ok
21:21:26.0550 16188  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:21:26.0582 16188  ebdrv - ok
21:21:26.0628 16188  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:21:26.0644 16188  eeCtrl - ok
21:21:26.0675 16188  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:21:26.0675 16188  EFS - ok
21:21:26.0722 16188  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:21:26.0722 16188  ehRecvr - ok
21:21:26.0738 16188  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:21:26.0738 16188  ehSched - ok
21:21:26.0769 16188  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:21:26.0769 16188  elxstor - ok
21:21:26.0784 16188  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:21:26.0784 16188  EraserUtilRebootDrv - ok
21:21:26.0800 16188  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:21:26.0800 16188  ErrDev - ok
21:21:26.0831 16188  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:21:26.0831 16188  EventSystem - ok
21:21:26.0847 16188  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:21:26.0862 16188  exfat - ok
21:21:26.0878 16188  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:21:26.0878 16188  fastfat - ok
21:21:26.0909 16188  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:21:26.0909 16188  Fax - ok
21:21:26.0925 16188  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:21:26.0925 16188  fdc - ok
21:21:26.0940 16188  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:21:26.0940 16188  fdPHost - ok
21:21:26.0940 16188  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:21:26.0956 16188  FDResPub - ok
21:21:26.0956 16188  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:21:26.0956 16188  FileInfo - ok
21:21:26.0972 16188  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:21:26.0972 16188  Filetrace - ok
21:21:26.0987 16188  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:21:26.0987 16188  flpydisk - ok
21:21:27.0003 16188  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:21:27.0003 16188  FltMgr - ok
21:21:27.0050 16188  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:21:27.0081 16188  FontCache - ok
21:21:27.0112 16188  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:21:27.0112 16188  FontCache3.0.0.0 - ok
21:21:27.0128 16188  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:21:27.0128 16188  FsDepends - ok
21:21:27.0143 16188  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:21:27.0159 16188  Fs_Rec - ok
21:21:27.0190 16188  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:21:27.0190 16188  fvevol - ok
21:21:27.0206 16188  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:21:27.0206 16188  gagp30kx - ok
21:21:27.0237 16188  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:21:27.0237 16188  GEARAspiWDM - ok
21:21:27.0284 16188  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
21:21:27.0284 16188  gfibto - ok
21:21:27.0315 16188  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:21:27.0330 16188  gpsvc - ok
21:21:27.0346 16188  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:21:27.0346 16188  hcw85cir - ok
21:21:27.0377 16188  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:21:27.0377 16188  HdAudAddService - ok
21:21:27.0393 16188  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:21:27.0408 16188  HDAudBus - ok
21:21:27.0424 16188  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:21:27.0424 16188  HidBatt - ok
21:21:27.0440 16188  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:21:27.0440 16188  HidBth - ok
21:21:27.0455 16188  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:21:27.0455 16188  HidIr - ok
21:21:27.0471 16188  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:21:27.0471 16188  hidserv - ok
21:21:27.0486 16188  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:21:27.0486 16188  HidUsb - ok
21:21:27.0518 16188  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:21:27.0518 16188  hkmsvc - ok
21:21:27.0533 16188  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:21:27.0533 16188  HomeGroupListener - ok
21:21:27.0564 16188  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:21:27.0564 16188  HomeGroupProvider - ok
21:21:27.0642 16188  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:21:27.0642 16188  hpqcxs08 - ok
21:21:27.0658 16188  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:21:27.0674 16188  hpqddsvc - ok
21:21:27.0674 16188  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:21:27.0689 16188  HpSAMD - ok
21:21:27.0705 16188  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:21:27.0720 16188  HTTP - ok
21:21:27.0736 16188  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:21:27.0736 16188  hwpolicy - ok
21:21:27.0752 16188  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:21:27.0752 16188  i8042prt - ok
21:21:27.0783 16188  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:21:27.0783 16188  iaStorV - ok
21:21:27.0830 16188  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:21:27.0845 16188  idsvc - ok
21:21:27.0923 16188  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130510.001\IDSvia64.sys
21:21:27.0939 16188  IDSVia64 - ok
21:21:27.0970 16188  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:21:27.0970 16188  iirsp - ok
21:21:28.0001 16188  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:21:28.0017 16188  IKEEXT - ok
21:21:28.0048 16188  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:21:28.0048 16188  intelide - ok
21:21:28.0048 16188  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
21:21:28.0064 16188  intelppm - ok
21:21:28.0079 16188  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:21:28.0079 16188  IPBusEnum - ok
21:21:28.0095 16188  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:21:28.0095 16188  IpFilterDriver - ok
21:21:28.0142 16188  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:21:28.0142 16188  iphlpsvc - ok
21:21:28.0157 16188  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:21:28.0157 16188  IPMIDRV - ok
21:21:28.0173 16188  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:21:28.0173 16188  IPNAT - ok
21:21:28.0220 16188  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:21:28.0235 16188  iPod Service - ok
21:21:28.0251 16188  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:21:28.0251 16188  IRENUM - ok
21:21:28.0266 16188  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:21:28.0266 16188  isapnp - ok
21:21:28.0282 16188  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:21:28.0282 16188  iScsiPrt - ok
21:21:28.0313 16188  [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
21:21:28.0313 16188  k57nd60a - ok
21:21:28.0329 16188  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:21:28.0329 16188  kbdclass - ok
21:21:28.0344 16188  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:21:28.0344 16188  kbdhid - ok
21:21:28.0360 16188  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:21:28.0360 16188  KeyIso - ok
21:21:28.0376 16188  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:21:28.0376 16188  KSecDD - ok
21:21:28.0422 16188  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:21:28.0422 16188  KSecPkg - ok
21:21:28.0438 16188  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:21:28.0438 16188  ksthunk - ok
21:21:28.0469 16188  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:21:28.0469 16188  KtmRm - ok
21:21:28.0500 16188  [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
21:21:28.0516 16188  LADF_CaptureOnly - ok
21:21:28.0532 16188  [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
21:21:28.0532 16188  LADF_RenderOnly - ok
21:21:28.0563 16188  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:21:28.0578 16188  LanmanServer - ok
21:21:28.0594 16188  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:21:28.0594 16188  LanmanWorkstation - ok
21:21:28.0625 16188  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
21:21:28.0625 16188  LGBusEnum - ok
21:21:28.0656 16188  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
21:21:28.0656 16188  LGVirHid - ok
21:21:28.0672 16188  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:21:28.0672 16188  lltdio - ok
21:21:28.0703 16188  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:21:28.0703 16188  lltdsvc - ok
21:21:28.0719 16188  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:21:28.0719 16188  lmhosts - ok
21:21:28.0734 16188  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:21:28.0734 16188  LSI_FC - ok
21:21:28.0750 16188  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:21:28.0750 16188  LSI_SAS - ok
21:21:28.0781 16188  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:21:28.0781 16188  LSI_SAS2 - ok
21:21:28.0797 16188  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:21:28.0797 16188  LSI_SCSI - ok
21:21:28.0812 16188  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:21:28.0812 16188  luafv - ok
21:21:28.0859 16188  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
21:21:28.0859 16188  LVRS64 - ok
21:21:28.0953 16188  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
21:21:29.0000 16188  LVUVC64 - ok
21:21:29.0031 16188  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:21:29.0031 16188  MBAMProtector - ok
21:21:29.0078 16188  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:21:29.0093 16188  MBAMScheduler - ok
21:21:29.0109 16188  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:21:29.0124 16188  MBAMService - ok
21:21:29.0140 16188  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:21:29.0156 16188  Mcx2Svc - ok
21:21:29.0171 16188  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:21:29.0171 16188  megasas - ok
21:21:29.0187 16188  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:21:29.0187 16188  MegaSR - ok
21:21:29.0202 16188  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:21:29.0202 16188  MMCSS - ok
21:21:29.0218 16188  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:21:29.0218 16188  Modem - ok
21:21:29.0249 16188  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:21:29.0249 16188  monitor - ok
21:21:29.0249 16188  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:21:29.0249 16188  mouclass - ok
21:21:29.0265 16188  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:21:29.0265 16188  mouhid - ok
21:21:29.0280 16188  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:21:29.0280 16188  mountmgr - ok
21:21:29.0296 16188  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:21:29.0296 16188  MozillaMaintenance - ok
21:21:29.0312 16188  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:21:29.0312 16188  mpio - ok
21:21:29.0327 16188  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:21:29.0327 16188  mpsdrv - ok
21:21:29.0343 16188  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:21:29.0358 16188  MpsSvc - ok
21:21:29.0374 16188  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:21:29.0374 16188  MRxDAV - ok
21:21:29.0390 16188  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:29.0390 16188  mrxsmb - ok
21:21:29.0405 16188  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:29.0405 16188  mrxsmb10 - ok
21:21:29.0421 16188  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:29.0421 16188  mrxsmb20 - ok
21:21:29.0421 16188  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:21:29.0421 16188  msahci - ok
21:21:29.0436 16188  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:21:29.0436 16188  msdsm - ok
21:21:29.0452 16188  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:21:29.0452 16188  MSDTC - ok
21:21:29.0468 16188  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:21:29.0468 16188  Msfs - ok
21:21:29.0499 16188  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:21:29.0499 16188  mshidkmdf - ok
21:21:29.0514 16188  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:21:29.0514 16188  msisadrv - ok
21:21:29.0514 16188  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:21:29.0530 16188  MSiSCSI - ok
21:21:29.0530 16188  msiserver - ok
21:21:29.0546 16188  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:21:29.0546 16188  MSKSSRV - ok
21:21:29.0561 16188  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:29.0561 16188  MSPCLOCK - ok
21:21:29.0577 16188  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:21:29.0577 16188  MSPQM - ok
21:21:29.0592 16188  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:21:29.0592 16188  MsRPC - ok
21:21:29.0608 16188  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:21:29.0608 16188  mssmbios - ok
21:21:29.0624 16188  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:21:29.0624 16188  MSTEE - ok
21:21:29.0639 16188  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:21:29.0639 16188  MTConfig - ok
21:21:29.0639 16188  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:21:29.0639 16188  Mup - ok
21:21:29.0670 16188  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:21:29.0670 16188  napagent - ok
21:21:29.0702 16188  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:21:29.0702 16188  NativeWifiP - ok
21:21:29.0764 16188  [ 241BD3019FB31E812A51B31B06906335 ] NAV             C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe
21:21:29.0764 16188  NAV - ok
21:21:29.0826 16188  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130512.003\ENG64.SYS
21:21:29.0826 16188  NAVENG - ok
21:21:29.0889 16188  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130512.003\EX64.SYS
21:21:29.0920 16188  NAVEX15 - ok
21:21:29.0967 16188  [ 241BD3019FB31E812A51B31B06906335 ] NCO             C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
21:21:29.0967 16188  NCO - ok
21:21:30.0029 16188  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:21:30.0045 16188  NDIS - ok
21:21:30.0060 16188  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:21:30.0060 16188  NdisCap - ok
21:21:30.0076 16188  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:30.0092 16188  NdisTapi - ok
21:21:30.0107 16188  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:30.0107 16188  Ndisuio - ok
21:21:30.0123 16188  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:30.0123 16188  NdisWan - ok
21:21:30.0138 16188  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:21:30.0138 16188  NDProxy - ok
21:21:30.0201 16188  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:21:30.0201 16188  Net Driver HPZ12 - ok
21:21:30.0201 16188  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:21:30.0201 16188  NetBIOS - ok
21:21:30.0232 16188  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:21:30.0232 16188  NetBT - ok
21:21:30.0248 16188  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:21:30.0248 16188  Netlogon - ok
21:21:30.0279 16188  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:21:30.0279 16188  Netman - ok
21:21:30.0310 16188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:21:30.0310 16188  NetMsmqActivator - ok
21:21:30.0326 16188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:21:30.0326 16188  NetPipeActivator - ok
21:21:30.0341 16188  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:21:30.0341 16188  netprofm - ok
21:21:30.0357 16188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:21:30.0357 16188  NetTcpActivator - ok
21:21:30.0357 16188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:21:30.0372 16188  NetTcpPortSharing - ok
21:21:30.0372 16188  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:21:30.0388 16188  nfrd960 - ok
21:21:30.0404 16188  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:21:30.0404 16188  NlaSvc - ok
21:21:30.0419 16188  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:21:30.0419 16188  Npfs - ok
21:21:30.0419 16188  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:21:30.0419 16188  nsi - ok
21:21:30.0435 16188  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:21:30.0435 16188  nsiproxy - ok
21:21:30.0482 16188  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:21:30.0513 16188  Ntfs - ok
21:21:30.0528 16188  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:21:30.0528 16188  Null - ok
21:21:30.0575 16188  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
21:21:30.0575 16188  NVHDA - ok
21:21:30.0747 16188  [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:21:30.0887 16188  nvlddmkm - ok
21:21:30.0903 16188  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:21:30.0903 16188  nvraid - ok
21:21:30.0934 16188  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:21:30.0934 16188  nvstor - ok
21:21:30.0950 16188  [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:21:30.0965 16188  nvsvc - ok
21:21:31.0043 16188  [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:21:31.0074 16188  nvUpdatusService - ok
21:21:31.0090 16188  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:21:31.0090 16188  nv_agp - ok
21:21:31.0121 16188  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:21:31.0121 16188  ohci1394 - ok
21:21:31.0152 16188  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:31.0152 16188  ose - ok
21:21:31.0246 16188  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:21:31.0293 16188  osppsvc - ok
21:21:31.0324 16188  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:21:31.0324 16188  p2pimsvc - ok
21:21:31.0340 16188  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:21:31.0340 16188  p2psvc - ok
21:21:31.0355 16188  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:21:31.0355 16188  Parport - ok
21:21:31.0386 16188  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:21:31.0386 16188  partmgr - ok
21:21:31.0402 16188  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:21:31.0402 16188  PcaSvc - ok
21:21:31.0418 16188  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:21:31.0418 16188  pci - ok
21:21:31.0433 16188  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:21:31.0433 16188  pciide - ok
21:21:31.0433 16188  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:21:31.0449 16188  pcmcia - ok
21:21:31.0480 16188  [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
21:21:31.0480 16188  pcouffin - ok
21:21:31.0496 16188  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:21:31.0496 16188  pcw - ok
21:21:31.0527 16188  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:21:31.0527 16188  PEAUTH - ok
21:21:31.0574 16188  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:21:31.0574 16188  PerfHost - ok
21:21:31.0620 16188  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:21:31.0636 16188  pla - ok
21:21:31.0667 16188  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:21:31.0667 16188  PlugPlay - ok
21:21:31.0714 16188  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:21:31.0714 16188  Pml Driver HPZ12 - ok
21:21:31.0714 16188  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:21:31.0730 16188  PNRPAutoReg - ok
21:21:31.0730 16188  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:21:31.0730 16188  PNRPsvc - ok
21:21:31.0761 16188  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
21:21:31.0761 16188  Point64 - ok
21:21:31.0792 16188  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:21:31.0792 16188  PolicyAgent - ok
21:21:31.0808 16188  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:21:31.0823 16188  Power - ok
21:21:31.0823 16188  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:21:31.0839 16188  PptpMiniport - ok
21:21:31.0839 16188  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:21:31.0839 16188  Processor - ok
21:21:31.0870 16188  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:21:31.0870 16188  ProfSvc - ok
21:21:31.0886 16188  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:21:31.0886 16188  ProtectedStorage - ok
21:21:31.0901 16188  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:21:31.0901 16188  Psched - ok
21:21:31.0964 16188  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:21:32.0026 16188  ql2300 - ok
21:21:32.0057 16188  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:21:32.0057 16188  ql40xx - ok
21:21:32.0088 16188  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:21:32.0088 16188  QWAVE - ok
21:21:32.0104 16188  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:21:32.0104 16188  QWAVEdrv - ok
21:21:32.0120 16188  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:21:32.0135 16188  RasAcd - ok
21:21:32.0151 16188  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:21:32.0151 16188  RasAgileVpn - ok
21:21:32.0166 16188  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:21:32.0166 16188  RasAuto - ok
21:21:32.0182 16188  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:21:32.0182 16188  Rasl2tp - ok
21:21:32.0198 16188  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:21:32.0198 16188  RasMan - ok
21:21:32.0213 16188  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:21:32.0213 16188  RasPppoe - ok
21:21:32.0229 16188  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:21:32.0229 16188  RasSstp - ok
21:21:32.0244 16188  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:21:32.0260 16188  rdbss - ok
21:21:32.0260 16188  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:21:32.0276 16188  rdpbus - ok
21:21:32.0291 16188  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:21:32.0291 16188  RDPCDD - ok
21:21:32.0307 16188  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:21:32.0307 16188  RDPENCDD - ok
21:21:32.0322 16188  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:21:32.0322 16188  RDPREFMP - ok
21:21:32.0385 16188  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:21:32.0385 16188  RdpVideoMiniport - ok
21:21:32.0400 16188  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:21:32.0400 16188  RDPWD - ok
21:21:32.0447 16188  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:21:32.0447 16188  rdyboost - ok
21:21:32.0478 16188  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:21:32.0478 16188  RemoteAccess - ok
21:21:32.0494 16188  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:21:32.0510 16188  RemoteRegistry - ok
21:21:32.0541 16188  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:21:32.0541 16188  RpcEptMapper - ok
21:21:32.0556 16188  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:21:32.0556 16188  RpcLocator - ok
21:21:32.0572 16188  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:21:32.0588 16188  RpcSs - ok
21:21:32.0619 16188  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:21:32.0619 16188  rspndr - ok
21:21:32.0634 16188  [ CD6D2BF0628589391BA6B60ABE064E5E ] S3XXx64         C:\Windows\system32\DRIVERS\S3XXx64.sys
21:21:32.0634 16188  S3XXx64 - ok
21:21:32.0650 16188  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:21:32.0650 16188  SamSs - ok
21:21:32.0666 16188  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:21:32.0666 16188  sbp2port - ok
21:21:32.0681 16188  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:21:32.0681 16188  SCardSvr - ok
21:21:32.0697 16188  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:21:32.0697 16188  scfilter - ok
21:21:32.0728 16188  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:21:32.0744 16188  Schedule - ok
21:21:32.0775 16188  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:21:32.0775 16188  SCPolicySvc - ok
21:21:32.0790 16188  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:21:32.0790 16188  SDRSVC - ok
21:21:32.0806 16188  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:21:32.0822 16188  secdrv - ok
21:21:32.0822 16188  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:21:32.0822 16188  seclogon - ok
21:21:32.0837 16188  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:21:32.0837 16188  SENS - ok
21:21:32.0853 16188  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:21:32.0853 16188  SensrSvc - ok
21:21:32.0868 16188  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:21:32.0868 16188  Serenum - ok
21:21:32.0884 16188  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
21:21:32.0884 16188  Serial - ok
21:21:32.0900 16188  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:21:32.0900 16188  sermouse - ok
21:21:32.0931 16188  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:21:32.0931 16188  SessionEnv - ok
21:21:32.0946 16188  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:21:32.0946 16188  sffdisk - ok
21:21:32.0962 16188  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:21:32.0962 16188  sffp_mmc - ok
21:21:32.0978 16188  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:21:32.0978 16188  sffp_sd - ok
21:21:32.0978 16188  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:21:32.0978 16188  sfloppy - ok
21:21:32.0993 16188  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:21:33.0009 16188  SharedAccess - ok
21:21:33.0009 16188  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:21:33.0024 16188  ShellHWDetection - ok
21:21:33.0040 16188  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:21:33.0040 16188  SiSRaid2 - ok
21:21:33.0056 16188  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:21:33.0056 16188  SiSRaid4 - ok
21:21:33.0134 16188  [ 5B43F0286A5106552004309DEB38BF93 ] slb             C:\AeriaGames\ScarletBlade\avital\scarlb64.sys
21:21:33.0149 16188  slb - ok
21:21:33.0165 16188  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:21:33.0180 16188  Smb - ok
21:21:33.0196 16188  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:21:33.0212 16188  SNMPTRAP - ok
21:21:33.0212 16188  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:21:33.0212 16188  spldr - ok
21:21:33.0243 16188  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:21:33.0258 16188  Spooler - ok
21:21:33.0305 16188  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:21:33.0352 16188  sppsvc - ok
21:21:33.0368 16188  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:21:33.0368 16188  sppuinotify - ok
21:21:33.0446 16188  [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP           C:\Windows\System32\Drivers\NAVx64\1403010.016\SRTSP64.SYS
21:21:33.0461 16188  SRTSP - ok
21:21:33.0492 16188  [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX          C:\Windows\system32\drivers\NAVx64\1403010.016\SRTSPX64.SYS
21:21:33.0492 16188  SRTSPX - ok
21:21:33.0508 16188  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:21:33.0524 16188  srv - ok
21:21:33.0539 16188  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:21:33.0539 16188  srv2 - ok
21:21:33.0555 16188  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:21:33.0555 16188  srvnet - ok
21:21:33.0570 16188  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:21:33.0570 16188  SSDPSRV - ok
21:21:33.0586 16188  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:21:33.0586 16188  SstpSvc - ok
21:21:33.0602 16188  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:21:33.0602 16188  stexstor - ok
21:21:33.0633 16188  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:21:33.0648 16188  stisvc - ok
21:21:33.0648 16188  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:21:33.0648 16188  swenum - ok
21:21:33.0664 16188  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:21:33.0680 16188  swprv - ok
21:21:33.0695 16188  [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS           C:\Windows\system32\drivers\NAVx64\1403010.016\SYMDS64.SYS
21:21:33.0695 16188  SymDS - ok
21:21:33.0726 16188  [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA          C:\Windows\system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS
21:21:33.0742 16188  SymEFA - ok
21:21:33.0758 16188  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:21:33.0758 16188  SymEvent - ok
21:21:33.0758 16188  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS
21:21:33.0773 16188  SymIRON - ok
21:21:33.0789 16188  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\Windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS
21:21:33.0789 16188  SymNetS - ok
21:21:33.0820 16188  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:21:33.0836 16188  SysMain - ok
21:21:33.0851 16188  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:21:33.0851 16188  TabletInputService - ok
21:21:33.0867 16188  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:21:33.0867 16188  TapiSrv - ok
21:21:33.0882 16188  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:21:33.0898 16188  TBS - ok
21:21:33.0945 16188  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:21:33.0960 16188  Tcpip - ok
21:21:33.0992 16188  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:21:34.0007 16188  TCPIP6 - ok
21:21:34.0023 16188  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:21:34.0023 16188  tcpipreg - ok
21:21:34.0038 16188  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:21:34.0038 16188  TDPIPE - ok
21:21:34.0070 16188  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:21:34.0070 16188  TDTCP - ok
21:21:34.0085 16188  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:21:34.0085 16188  tdx - ok
21:21:34.0101 16188  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:21:34.0101 16188  TermDD - ok
21:21:34.0116 16188  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:21:34.0132 16188  TermService - ok
21:21:34.0132 16188  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:21:34.0132 16188  Themes - ok
21:21:34.0148 16188  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:21:34.0148 16188  THREADORDER - ok
21:21:34.0163 16188  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:21:34.0163 16188  TrkWks - ok
21:21:34.0194 16188  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:21:34.0194 16188  TrustedInstaller - ok
21:21:34.0210 16188  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:21:34.0210 16188  tssecsrv - ok
21:21:34.0257 16188  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:21:34.0257 16188  TsUsbFlt - ok
21:21:34.0288 16188  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:21:34.0288 16188  TsUsbGD - ok
21:21:34.0319 16188  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:21:34.0319 16188  tunnel - ok
21:21:34.0335 16188  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:21:34.0335 16188  uagp35 - ok
21:21:34.0350 16188  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:21:34.0366 16188  udfs - ok
21:21:34.0382 16188  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:21:34.0382 16188  UI0Detect - ok
21:21:34.0397 16188  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:21:34.0397 16188  uliagpkx - ok
21:21:34.0413 16188  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:21:34.0413 16188  umbus - ok
21:21:34.0428 16188  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:21:34.0428 16188  UmPass - ok
21:21:34.0491 16188  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:21:34.0491 16188  UMVPFSrv - ok
21:21:34.0522 16188  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:21:34.0538 16188  upnphost - ok
21:21:34.0553 16188  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:21:34.0553 16188  usbaudio - ok
21:21:34.0569 16188  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:21:34.0584 16188  usbccgp - ok
21:21:34.0600 16188  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:21:34.0600 16188  usbcir - ok
21:21:34.0631 16188  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:21:34.0631 16188  usbehci - ok
21:21:34.0647 16188  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:21:34.0647 16188  usbhub - ok
21:21:34.0662 16188  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:21:34.0662 16188  usbohci - ok
21:21:34.0678 16188  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:21:34.0678 16188  usbprint - ok
21:21:34.0709 16188  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:21:34.0709 16188  usbscan - ok
21:21:34.0709 16188  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:21:34.0709 16188  USBSTOR - ok
21:21:34.0725 16188  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:21:34.0725 16188  usbuhci - ok
21:21:34.0740 16188  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:21:34.0740 16188  UxSms - ok
21:21:34.0740 16188  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:21:34.0740 16188  VaultSvc - ok
21:21:34.0756 16188  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:21:34.0772 16188  vdrvroot - ok
21:21:34.0787 16188  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:21:34.0787 16188  vds - ok
21:21:34.0803 16188  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:21:34.0803 16188  vga - ok
21:21:34.0834 16188  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:21:34.0834 16188  VgaSave - ok
21:21:34.0834 16188  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:21:34.0850 16188  vhdmp - ok
21:21:34.0850 16188  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:21:34.0850 16188  viaide - ok
21:21:34.0865 16188  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:21:34.0865 16188  volmgr - ok
21:21:34.0881 16188  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:21:34.0896 16188  volmgrx - ok
21:21:34.0912 16188  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:21:34.0912 16188  volsnap - ok
21:21:34.0928 16188  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:21:34.0928 16188  vsmraid - ok
21:21:34.0959 16188  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:21:34.0990 16188  VSS - ok
21:21:34.0990 16188  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:21:34.0990 16188  vwifibus - ok
21:21:35.0006 16188  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:21:35.0021 16188  W32Time - ok
21:21:35.0037 16188  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:21:35.0037 16188  WacomPen - ok
21:21:35.0052 16188  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:21:35.0052 16188  WANARP - ok
21:21:35.0052 16188  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:21:35.0052 16188  Wanarpv6 - ok
21:21:35.0099 16188  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:21:35.0115 16188  WatAdminSvc - ok
21:21:35.0146 16188  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:21:35.0177 16188  wbengine - ok
21:21:35.0193 16188  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:21:35.0193 16188  WbioSrvc - ok
21:21:35.0208 16188  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:21:35.0208 16188  wcncsvc - ok
21:21:35.0224 16188  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:21:35.0224 16188  WcsPlugInService - ok
21:21:35.0240 16188  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:21:35.0240 16188  Wd - ok
21:21:35.0271 16188  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:21:35.0286 16188  Wdf01000 - ok
21:21:35.0286 16188  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:21:35.0286 16188  WdiServiceHost - ok
21:21:35.0302 16188  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:21:35.0302 16188  WdiSystemHost - ok
21:21:35.0302 16188  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:21:35.0318 16188  WebClient - ok
21:21:35.0318 16188  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:21:35.0333 16188  Wecsvc - ok
21:21:35.0349 16188  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:21:35.0349 16188  wercplsupport - ok
21:21:35.0364 16188  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:21:35.0364 16188  WerSvc - ok
21:21:35.0380 16188  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:21:35.0380 16188  WfpLwf - ok
21:21:35.0396 16188  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:21:35.0396 16188  WIMMount - ok
21:21:35.0411 16188  WinDefend - ok
21:21:35.0427 16188  WinHttpAutoProxySvc - ok
21:21:35.0442 16188  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:21:35.0442 16188  Winmgmt - ok
21:21:35.0474 16188  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:21:35.0505 16188  WinRM - ok
21:21:35.0536 16188  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:21:35.0552 16188  Wlansvc - ok
21:21:35.0567 16188  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:21:35.0567 16188  WmiAcpi - ok
21:21:35.0583 16188  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:21:35.0583 16188  wmiApSrv - ok
21:21:35.0598 16188  WMPNetworkSvc - ok
21:21:35.0614 16188  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:21:35.0630 16188  WPCSvc - ok
21:21:35.0630 16188  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:21:35.0645 16188  WPDBusEnum - ok
21:21:35.0645 16188  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:21:35.0645 16188  ws2ifsl - ok
21:21:35.0661 16188  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:21:35.0661 16188  wscsvc - ok
21:21:35.0661 16188  WSearch - ok
21:21:35.0708 16188  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:21:35.0739 16188  wuauserv - ok
21:21:35.0754 16188  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:21:35.0770 16188  WudfPf - ok
21:21:35.0770 16188  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:21:35.0770 16188  WUDFRd - ok
21:21:35.0786 16188  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:21:35.0786 16188  wudfsvc - ok
21:21:35.0801 16188  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:21:35.0817 16188  WwanSvc - ok
21:21:35.0817 16188  ================ Scan global ===============================
21:21:35.0832 16188  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:21:35.0864 16188  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:21:35.0864 16188  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:21:35.0879 16188  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:21:35.0895 16188  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:21:35.0910 16188  [Global] - ok
21:21:35.0910 16188  ================ Scan MBR ==================================
21:21:35.0910 16188  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:21:36.0176 16188  \Device\Harddisk0\DR0 - ok
21:21:36.0176 16188  ================ Scan VBR ==================================
21:21:36.0191 16188  [ 8A44B526DD9B664049A054A55641368B ] \Device\Harddisk0\DR0\Partition1
21:21:36.0191 16188  \Device\Harddisk0\DR0\Partition1 - ok
21:21:36.0191 16188  [ 85D25795CE1898470D78405CB778FA68 ] \Device\Harddisk0\DR0\Partition2
21:21:36.0207 16188  \Device\Harddisk0\DR0\Partition2 - ok
21:21:36.0207 16188  ============================================================
21:21:36.0207 16188  Scan finished
21:21:36.0207 16188  ============================================================
21:21:36.0222 5892  Detected object count: 0
21:21:36.0222 5892  Actual detected object count: 0


Edited by Thanatoid, 12 May 2013 - 09:25 PM.


#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:38 AM

Posted 12 May 2013 - 09:30 PM

Please do this next:

Please download Listparts64

  • Run the tool, click Scan and post the log (Result.txt) it makes.

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.


  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:

  • ListParts log
  • ComboFix log

Edited by RPMcMurphy, 12 May 2013 - 09:30 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 Thanatoid

Thanatoid
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 12 May 2013 - 10:25 PM

Here are the next 2 logs requested.

 

ListParts by Farbar Version: 10-05-2013
Ran by Christopher Moser (administrator) on 12-05-2013 at 21:34:25
Windows 7 (X64)
Running From: C:\Users\Christopher Moser\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 42%
Total physical RAM: 6142.98 MB
Available physical RAM: 3515.16 MB
Total Pagefile: 12284.14 MB
Available Pagefile: 9134.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:752.18 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B         
  Disk 1    No Media           0 B      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 1D2719F7

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            931 GB   101 MB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    931 GB  Healthy    Boot    

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 1D2719F7
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)


****** End Of Log ******

 

 

ComboFix 13-05-12.01 - Christopher Moser 05/12/2013  21:40:32.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3372 [GMT -5:00]
Running from: c:\users\Christopher Moser\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe
c:\programdata\continnuetosavve
c:\programdata\ReadOnlyInstaller.msi
c:\users\Christopher Moser\AppData\Roaming\inst.exe
c:\users\Christopher Moser\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-13 to 2013-05-13  )))))))))))))))))))))))))))))))
.
.
2013-05-13 02:54 . 2013-05-13 02:54    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-05-13 02:54 . 2013-05-13 02:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-12 21:03 . 2013-05-12 21:03    --------    d-----w-    c:\windows\ERUNT
2013-05-12 21:03 . 2013-05-12 21:03    --------    d-----w-    C:\JRT
2013-05-12 02:04 . 2013-05-12 02:04    --------    d-----w-    C:\FRST
2013-05-11 15:19 . 2013-05-11 15:19    --------    d-----w-    c:\program files (x86)\ESET
2013-05-11 14:41 . 2013-05-11 14:41    --------    d-----w-    c:\users\Christopher Moser\AppData\Local\Programs
2013-05-11 14:39 . 2013-05-11 15:06    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-11 14:39 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-10 21:38 . 2013-05-10 21:38    --------    d-----w-    c:\users\Christopher Moser\AppData\Roaming\LavasoftStatistics
2013-05-10 21:25 . 2013-05-10 21:25    --------    d-----w-    c:\programdata\Downloaded Installations
2013-05-10 21:25 . 2013-05-10 21:25    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2013-05-10 21:24 . 2013-05-10 21:24    --------    d-----w-    c:\program files (x86)\Toolbar Cleaner
2013-05-10 21:22 . 2013-05-10 21:22    14456    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-05-09 22:31 . 2013-05-09 22:31    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-05-09 22:31 . 2013-04-04 10:35    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 23:46 . 2013-05-08 23:46    --------    d-----w-    c:\users\Christopher Moser\AppData\Local\Tukui
2013-05-08 23:45 . 2013-05-08 23:45    --------    d-----w-    c:\program files (x86)\Tukui
2013-05-08 02:44 . 2013-05-08 02:44    --------    d-----w-    c:\program files (x86)\Aeria Games
2013-05-08 02:44 . 2013-05-08 02:44    --------    d-----w-    c:\users\Christopher Moser\AppData\Roaming\Aeria Games & Entertainment
2013-05-07 14:04 . 2013-05-09 22:27    --------    d-----w-    c:\users\Christopher Moser\AppData\Local\LogiShrd
2013-05-05 02:15 . 2013-05-05 02:16    --------    d-----w-    c:\users\Christopher Moser\AppData\Roaming\Notepad++
2013-05-05 02:15 . 2013-05-05 02:16    --------    d-----w-    c:\program files (x86)\Notepad++
2013-05-05 02:04 . 2013-05-05 02:04    --------    d-----w-    c:\users\Christopher Moser\AppData\Local\Sony Online Entertainment
2013-05-05 01:35 . 2013-05-05 01:35    --------    d-----w-    c:\programdata\StarApp
2013-04-30 12:02 . 2013-04-30 12:02    --------    d-----w-    c:\program files (x86)\Norton Identity Safe
2013-04-30 12:02 . 2013-04-30 12:02    --------    d-----w-    c:\windows\system32\drivers\NSTx64
2013-04-30 10:56 . 2013-04-30 12:02    --------    d-----w-    c:\windows\system32\drivers\NAVx64\1403010.016
2013-04-28 20:15 . 2013-04-28 20:15    --------    d-----w-    c:\users\Christopher Moser\AppData\Local\Aeria Games
2013-04-28 20:15 . 2013-04-28 20:15    --------    d-----w-    c:\programdata\Aeria Games
2013-04-28 19:47 . 2013-04-28 19:47    --------    d-----w-    c:\users\Christopher Moser\AppData\Local\Akamai
2013-04-28 19:47 . 2013-04-28 20:10    --------    d-----w-    C:\AeriaGames
2013-04-24 00:35 . 2012-08-23 15:09    3072    ----a-w-    c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-24 00:32 . 2012-08-24 18:13    154480    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-04-24 00:32 . 2012-08-24 18:09    458712    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-04-24 00:32 . 2012-08-24 18:05    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-04-24 00:32 . 2012-08-24 18:03    1448448    ----a-w-    c:\windows\system32\lsasrv.dll
2013-04-24 00:32 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-04-24 00:32 . 2012-08-24 16:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-04-24 00:32 . 2012-08-24 16:53    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-04-23 22:38 . 2013-04-12 14:45    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-30 10:56 . 2012-08-20 18:51    177312    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-04-19 02:58 . 2012-08-20 18:47    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-19 02:58 . 2012-08-20 18:47    691592    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 14:22 . 2011-01-07 20:39    770384    ----a-w-    c:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22 . 2011-01-07 20:39    421200    ----a-w-    c:\windows\SysWow64\msvcp100.dll
2013-04-10 04:35 . 2012-08-20 15:01    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-04-03 18:12 . 2013-04-03 18:12    74752    ----a-w-    c:\windows\system32\drivers\S3XXx64.sys
2013-03-31 23:32 . 2013-03-31 23:32    82600    ----a-w-    c:\windows\system32\drivers\amd_sata.sys
2013-03-31 23:32 . 2013-03-31 23:32    42664    ----a-w-    c:\windows\system32\drivers\amd_xata.sys
2013-03-19 06:04 . 2013-04-10 02:27    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 02:27    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 02:27    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 02:27    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 02:27    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 02:27    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-05 16:14 . 2012-08-21 00:05    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-05 16:14 . 2012-08-21 00:05    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-01 03:36 . 2013-04-10 02:31    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-12 05:45 . 2013-03-13 06:17    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 06:17    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 06:17    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 06:17    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 06:17    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 06:17    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:03    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogiShrd"="c:\users\Christopher Moser\AppData\Local\LogiShrd\iydivyxk.dll" [2013-05-07 762368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
c:\users\Christopher Moser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-8-20 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
ApproveIt StartUp.lnk - c:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico [2012-8-23 9216]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [2013-04-28 81880]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-20 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2013-03-31 82600]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2013-03-31 42664]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-10 14456]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD03030.013\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130510.001\IDSvia64.sys [2013-04-30 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe [2012-12-24 144520]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-18 138912]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-08-22 82816]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2013-04-03 74752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14229059
*Deregistered* - 14229059
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 02:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\users\Christopher Moser\AppData\Roaming\Mozilla\Firefox\Profiles\qicu5ppi.default\
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - ExtSQL: 2013-04-30 07:02; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF - ExtSQL: 2013-04-30 07:05; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\IPSFFPlgn
FF - ExtSQL: !HIDDEN! 2012-08-22 22:33; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ApproveItForOfficeSetup - c:\program files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-Deployment - c:\users\Christopher Moser\AppData\Local\SCE\Deployment\hkkdourwk.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{EC77DCE9-B7C0-A87A-81E2-A12CD038CE46} - c:\progra~3\INSTAL~1\{71011~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.3.19\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-12  22:20:47
ComboFix-quarantined-files.txt  2013-05-13 03:20
.
Pre-Run: 807,302,500,352 bytes free
Post-Run: 808,106,889,216 bytes free
.
- - End Of File - - B34B14405FF46E5C62B5C35BA5992263
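The ComboFix report above records, under Reg Loading Points, the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) and LoadAppInit_DLLs. As an added example that is not part of this thread or of ComboFix itself, the Python script below parses that section of a report and flags the settings that weaken the Windows 7 defaults; the SAMPLE_REPORT excerpt is constructed from the log above.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed excerpt in the shape of the "Reg Loading Points" section of a
# ComboFix report. The key paths and values mirror those in the log above; the
# excerpt is assembled for this example and is not the full report.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
"""

# ComboFix writes one "[KEY]" header per registry key, then "name"=data lines.
# Integer data appears either as 'N (0xN)' or as REGEDIT4-style 'dword:XXXXXXXX'.
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
INT_RE = re.compile(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$")
DWORD_RE = re.compile(r"^dword:([0-9A-Fa-f]{8})$")

RegValues = Dict[Tuple[str, str], object]


def _decode(data: str) -> object:
    """Turn the textual data of one value into an int where possible."""
    m = INT_RE.match(data)
    if m:
        return int(m.group(1))
    m = DWORD_RE.match(data)
    if m:
        return int(m.group(1), 16)
    return data.strip('"')  # string data is kept as-is, without its quotes


def parse_registry_block(text: str) -> RegValues:
    """Map (key path, value name), both lower-cased, to the decoded data.

    Registry paths and value names are case-insensitive, so lower-casing lets
    the rules below match however ComboFix happened to capitalise them.
    """
    values: RegValues = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            values[(current, m.group(1).lower())] = _decode(m.group(2).strip())
    return values


POLICIES = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
WINDOWS_NT = r"hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows"

# Values whose presence at the given setting weakens the Windows 7 defaults
# (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1,
# LoadAppInit_DLLs=0). Tuple: (key path, value name, predicate, finding text).
WEAK_SETTINGS: List[Tuple[str, str, Callable[[object], bool], str]] = [
    (POLICIES, "enablelua", lambda v: v == 0,
     "EnableLUA=0: UAC is off, so admin processes run with the full token"),
    (POLICIES, "consentpromptbehavioradmin", lambda v: v == 0,
     "ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt"),
    (POLICIES, "promptonsecuredesktop", lambda v: v == 0,
     "PromptOnSecureDesktop=0: elevation prompts are shown on the normal desktop"),
    (WINDOWS_NT, "loadappinit_dlls", lambda v: v == 1,
     "LoadAppInit_DLLs=1: AppInit_DLLs under this key are loaded into every "
     "32-bit process that loads user32.dll"),
]


def find_weak_settings(values: RegValues) -> List[str]:
    """Return the finding text for each weak setting present in the report."""
    findings = []
    for key, name, is_weak, text in WEAK_SETTINGS:
        data = values.get((key, name))
        if data is not None and is_weak(data):
            findings.append(text)
    return findings


if __name__ == "__main__":
    for finding in find_weak_settings(parse_registry_block(SAMPLE_REPORT)):
        print(finding)
```

Run it against the full text of a saved ComboFix.txt to get the same four findings the sample produces; a report with the default values yields an empty list.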



#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:38 AM

Posted 13 May 2013 - 01:46 PM

Hi,

 

How frequent are the MBAM notifications you are getting now?  Are they random, or is there something that you are doing that seems to trigger them?




#13 Thanatoid

Thanatoid
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 13 May 2013 - 02:59 PM

They are not as frequent as when we initially started, and there is far more time in between them now. As I posted earlier, it seems to be a different process now: now it's iexplore.exe instead of svchost.exe, which it was when it started, if that makes any difference. Going to attach the logs from yesterday and today so you can see the sheer volume of blocks. Yesterday's logs include blocks from both svchost.exe and iexplore.exe; after some of the checks we completed, they switched processes.



Edited by Thanatoid, 13 May 2013 - 03:15 PM.


#14 Thanatoid

Thanatoid
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:38 AM

Posted 13 May 2013 - 08:19 PM

So something new now. The MBAM notifications have stopped altogether: no bubbles and no activity in the logs. Now I continually receive a security alert window (assuming it's Windows) that states "Security Alert: You are about to leave a secure Internet connection. It will be possible for others to view information you send. Do you want to continue?" Also one that basically states I am starting a secure connection, and that it will not be possible for others to view information while on that secure connection. This has all started pretty recently, as of my last post.



#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:38 AM

Posted 13 May 2013 - 09:01 PM

That alert is actually normal behavior for Internet Explorer.  You probably had it disabled, but ComboFix restores quite a few default settings.  To turn them off again in IE, go to Tools > Internet Options > Advanced and uncheck the box next to "Warn if changing between secure and non secure mode". Or, the first time the message appears check the box "In the Future, do not show this warning". 

 

Your logs look good.  The initial MBAM notices were caused by an MBR infection; the subsequent, less frequent notices are just MBAM doing its job.  All I have left for you is some important cleanup:

 

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall


Delete the following tools along with any other logs you saved from our work:
  • DDS
  • FRST (also delete the c:\FRST folder)
  • MBAR
  • AdwCleaner
  • JRT
  • TDSS Killer
  • ListParts

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Avoid using P2P programs.  Refer back to my earlier post for more information.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

 

 






