Trojan or Rootkit hiding in my system


This topic is locked
19 replies to this topic

#1 Crimsonight


Posted 25 August 2013 - 12:39 PM

I tried a different forum and after all the scans they told me to re-install Windows, which I had already told them I'd done twice before even going to them. I started trying to fix it myself and I came across Rootkit Unhooker. I received the following errors:

Failed to enable debug privilege, not a critical issue

load driver privilege not adjusted

 

I'm hoping you can help me. To speed up the process, here is a list of scans I ran with the other forums:

Junkware Removal Tool

AdwCleaner

Malwarebytes' Anti-Malware

Roguekiller

Combofix

ESET OnlineScan

Kaspersky Virus Removal Tool

Farbar Recovery Scan Tool

Malwarebytes Anti-Rootkit

TDSSKiller

OTL

SFC /Scannow

Dr.Web CureIt

 

The Thread: http://forums.malwarebytes.org/index.php?showtopic=130557&page=1

I know there's something because my browsers will open on their own when I'm not home. Sometimes it will redirect me to my homepage while I'm browsing. When I try to use Netflix, playing a show ALWAYS results in redirecting to the homepage. When I run Safe Mode, the browser spams open. The browser spams itself on occasion when I run some games as well.
 

I would like to know what we're hunting for and how much of a threat it is to me. If you could tell me, I would be grateful. If you destroy it, I will love you.


#2 Crimsonight


Posted 25 August 2013 - 12:47 PM

Here's a DDS.log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502
Run by TheCrimsonight at 13:45:37 on 2013-08-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5141 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Users\TheCrimsonight\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Spotify Web Helper] "C:\Users\TheCrimsonight\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EBAB845C-0AB3-462A-B466-A86C7D204A50} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EBAB845C-0AB3-462A-B466-A86C7D204A50}\54465736164796F6E614373796374716E647 : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TheCrimsonight\AppData\Roaming\Mozilla\Firefox\Profiles\aoi7otob.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-22 04:33; firefox@ghostery.com; C:\Users\TheCrimsonight\AppData\Roaming\Mozilla\Firefox\Profiles\aoi7otob.default\extensions\firefox@ghostery.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-21 204288]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-7-25 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-21 13336]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-21 2656280]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-5 283200]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-21 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-21 333928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-21 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/21 02:53:16;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-8-23 32000]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-2-4 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-7 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-7 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-25 17:41:59    24448    ----a-w-    C:\Windows\SysWow64\drivers\rkhdrv40.sys
2013-08-25 04:02:24    --------    d-----w-    C:\Program Files\CCleaner
2013-08-24 02:43:15    --------    d-----w-    C:\ProgramData\Sophos
2013-08-24 01:19:25    32000    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2013-08-16 21:41:56    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-16 21:41:56    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-16 21:41:56    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-16 21:41:55    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-16 21:41:55    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-16 21:41:55    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-16 21:41:55    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-16 21:41:54    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-16 21:41:54    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-16 21:41:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-16 21:41:54    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-16 20:53:16    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-16 20:53:16    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-16 20:53:15    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-16 20:53:15    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-16 20:53:15    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-16 20:53:15    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-16 20:53:15    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-16 20:53:15    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-16 20:53:03    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-16 20:53:03    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-16 20:52:55    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-08-16 20:52:55    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-08-16 20:52:55    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-16 20:52:55    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-08-16 20:52:54    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-08-16 20:52:02    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-08-14 00:51:00    --------    d-----w-    C:\ProgramData\VirtualizedApplications
2013-08-13 21:41:38    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\SoftGrid Client
2013-08-13 21:41:37    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\SoftGrid Client
2013-08-13 21:40:59    --------    d-----w-    C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-08-13 21:40:35    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\TP
2013-08-11 05:06:51    556632    ------w-    C:\Windows\System32\drivers\4816839drv.sys
2013-08-10 23:03:40    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\CrashDumps
2013-08-10 17:38:01    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-08-08 19:16:23    98816    ----a-w-    C:\Windows\sed.exe
2013-08-08 19:16:23    256000    ----a-w-    C:\Windows\PEV.exe
2013-08-08 19:16:23    208896    ----a-w-    C:\Windows\MBR.exe
2013-08-08 06:24:05    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-08-08 06:22:44    --------    d-----w-    C:\Windows\System32\MRT
2013-08-07 21:17:27    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-08-07 21:17:27    --------    d-----w-    C:\Windows\System32\Wat
2013-08-07 20:41:24    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-08-07 20:41:23    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-08-07 20:41:23    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-08-07 20:41:23    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-08-07 20:39:32    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-08-07 20:39:32    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-08-07 20:39:32    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-08-07 20:39:32    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-08-07 20:39:31    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-08-07 20:39:31    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-08-07 20:39:31    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-08-07 20:24:57    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-08-07 20:23:59    870912    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-08-07 20:22:54    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-08-07 20:22:53    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2013-08-07 20:20:25    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-08-07 20:20:21    31232    ----a-w-    C:\Windows\SysWow64\prevhost.exe
2013-08-07 20:20:21    31232    ----a-w-    C:\Windows\System32\prevhost.exe
2013-08-07 20:20:03    67072    ----a-w-    C:\Windows\splwow64.exe
2013-08-07 20:20:03    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-08-07 20:18:33    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\ElevatedDiagnostics
2013-08-06 20:35:40    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Skyrim
2013-08-06 00:58:18    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Diagnostics
2013-08-05 22:02:58    --------    d-----w-    C:\ProgramData\EA Core
2013-08-05 21:18:34    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-08-05 21:18:29    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Origin
2013-08-05 21:04:23    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Origin
2013-08-05 21:04:12    --------    d-----w-    C:\ProgramData\Origin
2013-08-05 21:04:03    --------    d-----w-    C:\Program Files (x86)\Origin
2013-08-05 21:02:23    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-08-05 20:38:09    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-08-05 19:42:45    5554512    ----a-w-    C:\Windows\System32\d3dcsx_42.dll
2013-08-05 19:42:45    5501792    ----a-w-    C:\Windows\SysWow64\d3dcsx_42.dll
2013-08-05 19:42:29    285024    ----a-w-    C:\Windows\System32\d3dx11_42.dll
2013-08-05 19:42:29    235344    ----a-w-    C:\Windows\SysWow64\d3dx11_42.dll
2013-08-05 19:42:09    2475352    ----a-w-    C:\Windows\System32\D3DX9_42.dll
2013-08-05 19:42:09    1892184    ----a-w-    C:\Windows\SysWow64\D3DX9_42.dll
2013-08-05 19:41:45    520544    ----a-w-    C:\Windows\System32\d3dx10_41.dll
2013-08-05 19:41:45    2430312    ----a-w-    C:\Windows\System32\D3DCompiler_41.dll
2013-08-05 19:41:15    5425496    ----a-w-    C:\Windows\System32\D3DX9_41.dll
2013-08-05 19:40:45    73544    ----a-w-    C:\Windows\System32\XAPOFX1_3.dll
2013-08-05 19:40:45    521560    ----a-w-    C:\Windows\System32\XAudio2_4.dll
2013-08-05 19:40:45    517448    ----a-w-    C:\Windows\SysWow64\XAudio2_4.dll
2013-08-05 19:40:35    235352    ----a-w-    C:\Windows\SysWow64\xactengine3_4.dll
2013-08-05 19:40:35    174936    ----a-w-    C:\Windows\System32\xactengine3_4.dll
2013-08-05 19:40:31    24920    ----a-w-    C:\Windows\System32\X3DAudio1_6.dll
2013-08-05 19:40:31    22360    ----a-w-    C:\Windows\SysWow64\X3DAudio1_6.dll
2013-08-05 19:40:02    519000    ----a-w-    C:\Windows\System32\d3dx10_40.dll
2013-08-05 19:40:02    452440    ----a-w-    C:\Windows\SysWow64\d3dx10_40.dll
2013-08-05 19:40:02    2605920    ----a-w-    C:\Windows\System32\D3DCompiler_40.dll
2013-08-05 19:40:02    2036576    ----a-w-    C:\Windows\SysWow64\D3DCompiler_40.dll
2013-08-05 19:39:48    5631312    ----a-w-    C:\Windows\System32\D3DX9_40.dll
2013-08-05 19:39:20    4379984    ----a-w-    C:\Windows\SysWow64\D3DX9_40.dll
2013-08-05 19:37:59    467984    ----a-w-    C:\Windows\SysWow64\d3dx10_39.dll
2013-08-05 19:37:59    1493528    ----a-w-    C:\Windows\SysWow64\D3DCompiler_39.dll
2013-08-05 19:37:34    4992520    ----a-w-    C:\Windows\System32\D3DX9_39.dll
2013-08-05 19:37:34    3851784    ----a-w-    C:\Windows\SysWow64\D3DX9_39.dll
2013-08-05 19:37:08    68104    ----a-w-    C:\Windows\System32\XAPOFX1_0.dll
2013-08-05 19:37:08    65032    ----a-w-    C:\Windows\SysWow64\XAPOFX1_0.dll
2013-08-05 19:37:08    511496    ----a-w-    C:\Windows\System32\XAudio2_1.dll
2013-08-05 19:37:08    507400    ----a-w-    C:\Windows\SysWow64\XAudio2_1.dll
2013-08-05 19:37:00    238088    ----a-w-    C:\Windows\SysWow64\xactengine3_1.dll
2013-08-05 19:37:00    177672    ----a-w-    C:\Windows\System32\xactengine3_1.dll
2013-08-05 19:36:56    28168    ----a-w-    C:\Windows\System32\X3DAudio1_4.dll
2013-08-05 19:36:56    25608    ----a-w-    C:\Windows\SysWow64\X3DAudio1_4.dll
2013-08-05 19:36:41    540688    ----a-w-    C:\Windows\System32\d3dx10_38.dll
2013-08-05 19:36:41    467984    ----a-w-    C:\Windows\SysWow64\d3dx10_38.dll
2013-08-05 19:36:41    1941528    ----a-w-    C:\Windows\System32\D3DCompiler_38.dll
2013-08-05 19:36:41    1491992    ----a-w-    C:\Windows\SysWow64\D3DCompiler_38.dll
2013-08-05 19:36:23    4991496    ----a-w-    C:\Windows\System32\D3DX9_38.dll
2013-08-05 19:36:23    3850760    ----a-w-    C:\Windows\SysWow64\D3DX9_38.dll
2013-08-05 19:36:12    489480    ----a-w-    C:\Windows\System32\XAudio2_0.dll
2013-08-05 19:36:12    479752    ----a-w-    C:\Windows\SysWow64\XAudio2_0.dll
2013-08-05 19:36:06    238088    ----a-w-    C:\Windows\SysWow64\xactengine3_0.dll
2013-08-05 19:36:06    177672    ----a-w-    C:\Windows\System32\xactengine3_0.dll
2013-08-05 19:35:50    28168    ----a-w-    C:\Windows\System32\X3DAudio1_3.dll
2013-08-05 19:35:50    25608    ----a-w-    C:\Windows\SysWow64\X3DAudio1_3.dll
2013-08-05 19:35:20    529424    ----a-w-    C:\Windows\System32\d3dx10_37.dll
2013-08-05 19:35:20    462864    ----a-w-    C:\Windows\SysWow64\d3dx10_37.dll
2013-08-05 19:35:20    1860120    ----a-w-    C:\Windows\System32\D3DCompiler_37.dll
2013-08-05 19:35:20    1420824    ----a-w-    C:\Windows\SysWow64\D3DCompiler_37.dll
2013-08-05 19:35:01    4910088    ----a-w-    C:\Windows\System32\D3DX9_37.dll
2013-08-05 19:35:01    3786760    ----a-w-    C:\Windows\SysWow64\D3DX9_37.dll
2013-08-05 19:34:53    411656    ----a-w-    C:\Windows\System32\xactengine2_10.dll
2013-08-05 19:34:53    267272    ----a-w-    C:\Windows\SysWow64\xactengine2_10.dll
2013-08-05 19:34:29    508264    ----a-w-    C:\Windows\System32\d3dx10_36.dll
2013-08-05 19:34:29    444776    ----a-w-    C:\Windows\SysWow64\d3dx10_36.dll
2013-08-05 19:34:29    2006552    ----a-w-    C:\Windows\System32\D3DCompiler_36.dll
2013-08-05 19:34:29    1374232    ----a-w-    C:\Windows\SysWow64\D3DCompiler_36.dll
2013-08-05 19:34:18    5081608    ----a-w-    C:\Windows\System32\d3dx9_36.dll
2013-08-05 19:34:18    3734536    ----a-w-    C:\Windows\SysWow64\d3dx9_36.dll
2013-08-05 19:32:56    4496232    ----a-w-    C:\Windows\System32\d3dx9_34.dll
2013-08-05 19:32:56    3497832    ----a-w-    C:\Windows\SysWow64\d3dx9_34.dll
2013-08-05 19:32:48    107368    ----a-w-    C:\Windows\System32\xinput1_3.dll
2013-08-05 19:32:40    403304    ----a-w-    C:\Windows\System32\xactengine2_7.dll
2013-08-05 19:32:40    261480    ----a-w-    C:\Windows\SysWow64\xactengine2_7.dll
2013-08-05 19:32:23    506728    ----a-w-    C:\Windows\System32\d3dx10_33.dll
2013-08-05 19:32:23    443752    ----a-w-    C:\Windows\SysWow64\d3dx10_33.dll
2013-08-05 19:32:23    1400176    ----a-w-    C:\Windows\System32\D3DCompiler_33.dll
2013-08-05 19:32:23    1123696    ----a-w-    C:\Windows\SysWow64\D3DCompiler_33.dll
2013-08-05 19:32:14    4494184    ----a-w-    C:\Windows\System32\d3dx9_33.dll
2013-08-05 19:32:14    3495784    ----a-w-    C:\Windows\SysWow64\d3dx9_33.dll
2013-08-05 19:31:56    393576    ----a-w-    C:\Windows\System32\xactengine2_6.dll
2013-08-05 19:31:56    255848    ----a-w-    C:\Windows\SysWow64\xactengine2_6.dll
2013-08-05 19:31:21    390424    ----a-w-    C:\Windows\System32\xactengine2_5.dll
2013-08-05 19:31:21    251672    ----a-w-    C:\Windows\SysWow64\xactengine2_5.dll
2013-08-05 19:30:57    469264    ----a-w-    C:\Windows\System32\d3dx10.dll
2013-08-05 19:30:57    440080    ----a-w-    C:\Windows\SysWow64\d3dx10.dll
2013-08-05 19:29:32    364824    ----a-w-    C:\Windows\System32\xactengine2_4.dll
2013-08-05 19:29:32    237848    ----a-w-    C:\Windows\SysWow64\xactengine2_4.dll
2013-08-05 19:29:32    17688    ----a-w-    C:\Windows\System32\x3daudio1_1.dll
2013-08-05 19:29:32    15128    ----a-w-    C:\Windows\SysWow64\x3daudio1_1.dll
2013-08-05 19:29:14    3977496    ----a-w-    C:\Windows\System32\d3dx9_31.dll
2013-08-05 19:29:14    2414360    ----a-w-    C:\Windows\SysWow64\d3dx9_31.dll
2013-08-05 19:29:09    363288    ----a-w-    C:\Windows\System32\xactengine2_3.dll
2013-08-05 19:29:09    236824    ----a-w-    C:\Windows\SysWow64\xactengine2_3.dll
2013-08-05 19:29:06    83736    ----a-w-    C:\Windows\System32\xinput1_2.dll
2013-08-05 19:29:06    62744    ----a-w-    C:\Windows\SysWow64\xinput1_2.dll
2013-08-05 19:27:58    3767504    ----a-w-    C:\Windows\System32\d3dx9_26.dll
2013-08-05 19:27:58    2297552    ----a-w-    C:\Windows\SysWow64\d3dx9_26.dll
2013-08-05 19:23:54    --------    d-----w-    C:\Program Files (x86)\The Elder Scrolls V Skyrim
2013-08-05 19:17:10    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\DAEMON Tools Lite
2013-08-05 19:17:09    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2013-08-05 19:16:33    --------    d-----w-    C:\ProgramData\DAEMON Tools Lite
2013-08-05 14:39:24    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-08-05 07:30:25    1660232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2013-08-05 04:57:52    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\SKIDROW
2013-08-05 00:33:44    --------    d-----w-    C:\Program Files (x86)\Portal 2
2013-08-04 17:43:26    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\HP
2013-08-04 17:43:18    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\AuthenTec
2013-08-04 17:31:35    80384    ----a-w-    C:\Windows\System32\drivers\BTHUSB.SYS
2013-08-04 08:58:56    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Apple Computer
2013-08-04 08:58:06    --------    d-----w-    C:\Program Files\iPod
2013-08-04 08:58:05    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-04 08:58:05    --------    d-----w-    C:\Program Files\iTunes
2013-08-04 08:58:05    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-08-04 07:43:00    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-08-03 15:08:50    --------    d-----w-    C:\HP_TOOLS_mountHPSF
2013-08-03 15:08:17    --------    d-----w-    C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-08-02 07:04:42    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Philipp Winterberg
2013-08-02 07:04:40    --------    d-----w-    C:\Program Files (x86)\RAR File Open Knife - Free Opener
2013-08-01 19:19:06    4178264    ----a-w-    C:\Windows\SysWow64\D3DX9_41.dll
2013-08-01 19:19:05    81768    ----a-w-    C:\Windows\SysWow64\xinput1_3.dll
2013-08-01 19:18:58    --------    d-----w-    C:\Program Files (x86)\TERA
2013-08-01 19:18:56    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\TERA
2013-08-01 19:00:31    --------    d-----w-    C:\Users\TheCrimsonight\Seeker
2013-08-01 18:34:52    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Microsoft Games
2013-08-01 08:02:05    --------    d-----w-    C:\Windows\ERUNT
2013-08-01 07:08:20    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-08-01 07:08:04    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-08-01 07:08:04    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-08-01 07:08:04    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-08-01 07:08:04    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-08-01 07:07:52    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Apple
2013-08-01 07:04:28    --------    d-----w-    C:\Program Files\Bonjour
2013-08-01 07:04:28    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-08-01 07:03:58    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-08-01 07:03:58    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-08-01 07:03:58    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-08-01 07:03:58    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-08-01 07:03:58    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-08-01 07:00:25    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Spotify
2013-08-01 06:59:55    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Spotify
2013-08-01 06:57:40    --------    d-----r-    C:\Program Files (x86)\Skype
2013-08-01 06:56:46    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\AOL
2013-07-31 08:15:30    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Malwarebytes
2013-07-31 08:15:03    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Programs
2013-07-31 08:08:08    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Adobe
2013-07-31 07:11:57    376688    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-07-31 07:10:44    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-07-31 07:09:56    498688    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-07-31 07:08:58    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-07-30 16:09:47    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\AVG2013
2013-07-30 16:09:20    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\TuneUp Software
2013-07-30 16:09:01    --------    d-----w-    C:\ProgramData\AVG2013
2013-07-30 16:09:01    --------    d-----w-    C:\$AVG
2013-07-30 16:08:17    --------    d-----w-    C:\Program Files (x86)\AVG
2013-07-30 16:05:14    --------    d--h--w-    C:\ProgramData\Common Files
2013-07-30 16:05:14    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\MFAData
2013-07-30 16:05:14    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Avg2013
2013-07-30 16:05:14    --------    d-----w-    C:\ProgramData\MFAData
2013-07-30 11:10:32    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Macromedia
2013-07-30 11:10:22    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-30 11:10:22    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-30 10:39:32    --------    d-----w-    C:\ProgramData\Synaptics
2013-07-30 10:27:30    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\ATI
2013-07-30 10:26:31    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Intel Corporation
2013-07-30 10:26:29    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\hpqLog
2013-07-30 10:26:28    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Synaptics
2013-07-30 10:25:50    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\RemEngine
2013-07-30 10:24:52    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-07-30 10:24:52    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-07-30 10:24:52    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-07-30 10:23:13    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Hewlett-Packard
2013-07-30 10:22:57    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M  ====================
.
2013-08-04 07:42:42    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-25 03:37:25    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-25 03:30:49    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-25 03:29:41    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-07-25 03:28:46    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-07-25 03:27:20    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-25 02:32:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:26:10    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:23:59    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:22:35    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-20 05:51:00    311608    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-07-20 05:50:56    71480    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 05:50:56    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 05:50:50    206648    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-07-10 05:32:38    45880    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-01 05:45:28    116536    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 13:46:10.17 ===============
 



#3 HelpBot

    Bleepin' Binary Bot

Posted 30 August 2013 - 12:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505572 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Crimsonight

  • Topic Starter

Posted 31 August 2013 - 12:17 PM

I don't have a Windows Disc

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502
Run by TheCrimsonight at 13:14:52 on 2013-08-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.5599 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EBAB845C-0AB3-462A-B466-A86C7D204A50} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TheCrimsonight\AppData\Roaming\Mozilla\Firefox\Profiles\68ylm6ku.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-22 04:33; firefox@ghostery.com; C:\Users\TheCrimsonight\AppData\Roaming\Mozilla\Firefox\Profiles\68ylm6ku.default\extensions\firefox@ghostery.com.xpi
FF - ExtSQL: 2013-08-26 08:51; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_12_1
FF - ExtSQL: 2013-08-26 09:09; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2013-8-27 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2013-8-27 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-15 1393240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130830.001\IDSviA64.sys [2013-8-30 520280]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2013-8-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2013-8-27 386168]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-21 204288]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-21 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2013-8-27 130008]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-21 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-26 140376]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-21 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-21 333928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-21 428136]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/21 02:53:16;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-2-4 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-29 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-31 16:42:31    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21956A8F-CFB7-4FCD-90E5-83D148FE994D}\mpengine.dll
2013-08-30 13:27:15    9515512    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-29 18:26:51    --------    d-----r-    C:\Program Files (x86)\Skype
2013-08-29 14:28:31    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-08-29 13:57:37    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-08-29 13:57:37    --------    d-----w-    C:\Windows\System32\Wat
2013-08-29 08:13:08    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-08-29 08:13:08    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-08-29 08:13:08    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-08-29 08:13:08    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-08-29 08:02:23    --------    d-----w-    C:\Windows\System32\MRT
2013-08-29 07:55:10    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-08-29 07:55:10    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-08-29 07:55:10    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-08-29 07:55:09    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-08-29 07:54:16    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-08-29 07:54:16    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-08-29 07:54:16    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-08-29 07:54:16    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-08-29 07:54:15    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-08-29 07:54:15    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-08-29 07:54:15    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-08-29 07:48:36    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-08-29 07:48:36    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-08-29 07:48:36    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-08-29 07:48:35    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-08-29 07:48:35    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-08-29 07:38:49    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-08-29 07:38:49    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-08-29 07:38:47    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-08-29 07:38:47    288768    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2013-08-29 07:38:47    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-08-29 07:38:47    158208    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2013-08-29 07:38:47    128000    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2013-08-29 07:36:59    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 07:35:56    95600    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-08-29 07:34:59    574464    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-08-29 07:33:44    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 07:32:59    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-08-29 07:26:11    466944    ----a-w-    C:\Program Files\Common Files\System\ado\msadomd.dll
2013-08-29 07:25:58    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-08-29 07:25:58    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-08-29 07:25:58    331776    ----a-w-    C:\Windows\System32\oleacc.dll
2013-08-29 07:25:58    233472    ----a-w-    C:\Windows\SysWow64\oleacc.dll
2013-08-29 07:25:57    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2013-08-29 07:22:10    67072    ----a-w-    C:\Windows\splwow64.exe
2013-08-29 07:22:10    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-08-29 07:20:56    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-08-29 07:20:56    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-08-27 23:23:27    912504    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2013-08-27 23:23:27    386168    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys
2013-08-27 23:23:26    744568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
2013-08-27 23:23:26    450680    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys
2013-08-27 23:23:26    40568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
2013-08-27 23:23:26    171128    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys
2013-08-27 23:23:15    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1207020.003
2013-08-27 07:41:59    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87EA9BD5-0911-48AA-8C9A-2CBEC004C680}\gapaengine.dll
2013-08-27 07:40:12    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-08-27 07:40:03    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-08-27 07:22:34    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\SUPERAntiSpyware.com
2013-08-27 07:22:13    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-08-27 07:22:13    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-08-27 07:14:59    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-08-27 07:14:56    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16539C4B-0086-4990-9654-F15F9F350BA5}\mpengine.dll
2013-08-27 06:21:38    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\CrashDumps
2013-08-27 05:31:58    --------    d-----w-    C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-08-27 05:04:02    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\BitTorrent
2013-08-27 04:52:06    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\DriverCure
2013-08-27 04:52:05    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\ParetoLogic
2013-08-27 04:25:40    --------    d-----w-    C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-27 04:25:38    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-08-27 04:11:05    274432    ----a-w-    C:\Windows\SysWow64\ssleay32.dll
2013-08-27 04:11:04    81920    ----a-w-    C:\Windows\eSellerateControl350.dll
2013-08-27 04:11:04    356352    ----a-w-    C:\Windows\eSellerateEngine.dll
2013-08-27 04:11:04    1122304    ----a-w-    C:\Windows\SysWow64\libeay32.dll
2013-08-27 04:10:28    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Programs
2013-08-27 00:59:18    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Macromedia
2013-08-27 00:58:43    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-27 00:58:43    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-26 18:35:04    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-08-26 13:23:38    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-08-26 13:23:34    --------    d-----w-    C:\Windows\SHELLNEW
2013-08-26 13:23:08    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Microsoft Help
2013-08-26 13:16:14    --------    d-----w-    C:\ProgramData\Synaptics
2013-08-26 12:57:52    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\ATI
2013-08-26 12:56:53    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Intel Corporation
2013-08-26 12:56:49    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\hpqLog
2013-08-26 12:56:47    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Roaming\Synaptics
2013-08-26 12:55:58    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\RemEngine
2013-08-26 12:55:01    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-08-26 12:55:01    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-08-26 12:55:01    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-08-26 12:53:26    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Hewlett-Packard
2013-08-26 12:53:08    --------    d-----w-    C:\Users\TheCrimsonight\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M  ====================
.
2013-08-26 13:09:27    174200    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:37:25    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-25 03:30:49    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-25 03:29:41    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-07-25 03:28:46    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-07-25 03:27:20    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-25 02:32:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:26:10    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:23:59    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:22:35    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-19 01:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 13:15:34.93 ===============

#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 06 September 2013 - 07:10 PM

Hello Crimsonight, and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed; you will be advised when we respond to your topic, and this will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========


I have done some digging where your issue is concerned, and I do not think it is malware related. With the number of scans they had you run over at the MBAM forum, if you had malware, it should definitely be gone! :wink: Your problem has occurred with other users, and it seems that a faulty keyboard could be the problem. Give this a try:

  • Click on the Start Orb > Right-Click on Computer > Choose Properties > Choose Device Manager in the upper left corner > Click the + sign beside "Keyboard" > Right-click on your keyboard device and choose Uninstall
  • Reboot the computer

Did this help?


==========


Something else I noticed that can cause you issues:


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton Internet Security or Microsoft Security Essentials.


Edited by oneof4, 06 September 2013 - 07:15 PM.

Best Regards,
oneof4.
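As an added example (not part of this thread, and not DDS's own code), a small Python parser for the two DDS log formats posted above (the service/driver list and the "Created Last 30" / Find3M file lines) that reports which security products the log shows and whether more than one of them has real-time protection, the situation oneof4 describes. The sample lines are copied from the log above; the path-to-product markers are an illustrative assumption covering only the products seen in this thread.

```python
import re
from collections import defaultdict

# Service/driver line: "<start type> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
# File line: "<date> <time> <size or dashes> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+)$")

# Path fragment -> (product, has real-time protection). Assumption: illustrative
# list covering only the products seen in this thread; extend for other vendors.
VENDOR_MARKERS = {
    "Microsoft Security Client": ("Microsoft Security Essentials", True),
    "NISx64": ("Norton Internet Security", True),
    "Symantec": ("Norton Internet Security", True),
    "SUPERAntiSpyware": ("SUPERAntiSpyware", False),  # on-demand scanner only
}

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
=============== Created Last 30 ================
2013-08-27 23:23:27    912504    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2013-08-27 07:40:03    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-08-27 07:22:13    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-08-26 18:35:04    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
"""

def parse_line(line):
    """Return (kind, path) for a recognised DDS line, or None for headers/filler."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return "service", m.group("path")
    m = CREATED_RE.match(line)
    if m:
        return "file", m.group("path")
    return None

def security_products(log_text):
    """Map product name -> sorted list of log paths that belong to it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            path = parsed[1]
            marker = next((k for k in VENDOR_MARKERS if k.lower() in path.lower()), None)
            if marker:
                found[VENDOR_MARKERS[marker][0]].add(path)
    return {p: sorted(paths) for p, paths in found.items()}

def realtime_av_products(log_text):
    """Products with real-time protection; two or more is the clash oneof4 describes."""
    realtime = {p for p, rt in VENDOR_MARKERS.values() if rt}
    return sorted(p for p in security_products(log_text) if p in realtime)
```

On the sample above `realtime_av_products` returns both Microsoft Security Essentials and Norton Internet Security, while SUPERAntiSpyware is reported but not counted, since an on-demand scanner does not compete for file access.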


#6 Crimsonight

Crimsonight
  • Topic Starter

  • Members
  • 10 posts

Posted 06 September 2013 - 07:50 PM

Once I do this, how will I continue to communicate? I'm on a laptop. Will the keyboard software be reinstalled?



#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 06 September 2013 - 08:31 PM

Yes, when you reboot, the keyboard drivers should automatically re-install.


Best Regards,
oneof4.


#8 Crimsonight

Crimsonight
  • Topic Starter

  • Members
  • 10 posts

Posted 06 September 2013 - 08:40 PM

The uninstall didn't work. I checked with Netflix. When I went to watch a show, it refreshed the screen several times to the homepage. On occasion, when I close the window while it's refreshing, new windows will open.



#9 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 07 September 2013 - 08:30 AM

Try bypassing your router, and plug directly into your modem for internet access.


Best Regards,
oneof4.


#10 Crimsonight

Crimsonight
  • Topic Starter

  • Members
  • 10 posts

Posted 07 September 2013 - 11:50 PM

Will that be a permanent solution? My modem is in my kitchen on a shelf on the wall, so having to be hardwired wouldn't be a viable solution. I'm sorry if I'm asking a lot of questions. I just like to know why I'm doing something and what I should be expecting to happen exactly.



#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 08 September 2013 - 07:32 AM

Just trying to determine if your router has possibly been hacked. Bypassing it will determine that.


Best Regards,
oneof4.


#12 Crimsonight

Crimsonight
  • Topic Starter

  • Members
  • 10 posts

Posted 09 September 2013 - 11:21 PM

I'm still here, I just haven't gotten around to buying the necessary cord.



#13 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 10 September 2013 - 06:04 AM

:thumbup2:


Best Regards,
oneof4.


#14 Crimsonight

Crimsonight
  • Topic Starter

  • Members
  • 10 posts

Posted 11 September 2013 - 08:25 PM

Did a direct link and the problem still happens.

I tried to play an MMO and the browser kept opening until Firefox crashed, and then it continued to attempt to open, lagging out EVERYTHING and making it impossible to play.



#15 Crimsonight

Crimsonight
  • Topic Starter

  • Members
  • 10 posts

Posted 11 September 2013 - 08:35 PM

I installed Chrome and set it as my default. Without any prompting, it began to open multiple windows. It acts worse than Firefox.
