
Worried About Trojan / RAT / Webcam


20 replies to this topic

#1 iswearimnotparanoid



Posted 25 September 2013 - 02:04 AM

Hi, I am quite concerned that a person who I know has a raft of computer / networking talents might be prying into my computer somehow...

I confronted them about it & took a look at their computer - I located several suspicious programs on their computer such as 'Go To My PC', 'IP Cam', & various others, along with Google searches on duplicating PCs, sharing resources, etc., which clearly indicate they're up to no good.

I haven't been able to locate anything of the sort on my own computer. However, things just don't seem right, and they seem to have knowledge of certain things which could only have come from my computer?

Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by Rushnlabs at 16:13:24 on 2013-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.7659.5063 [GMT 10:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com.au/
mWinlogon: Userinit = userinit.exe
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F0020F86-3882-4FED-9CFB-3F9DE4DDBB6A} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F0020F86-3882-4FED-9CFB-3F9DE4DDBB6A}\24967605F6E646147313346313 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{F0020F86-3882-4FED-9CFB-3F9DE4DDBB6A}\777777E237472756564726F616274696E676E2F62776 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-5 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-5 38528]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2013-9-16 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2013-9-16 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-3 1525336]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130923.001\IDSviA64.sys [2013-9-24 520280]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2013-9-16 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2013-9-16 386168]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-8-9 2252504]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2013-3-5 33072]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-21 2375168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-16 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2013-9-16 130008]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-18 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-21 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-18 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-18 115216]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-21 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-29 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-14 140376]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-16 25928]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-7-21 337512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-21 47232]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/20 21:18:45;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-26 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-14 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-14 30208]
S3 TTM57SLUsb;TTM 57SL USB driver;C:\Windows\System32\drivers\TTM57SLUsb.sys [2013-9-22 49144]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-09-22 01:36:42 49144 ----a-w- C:\Windows\System32\drivers\TTM57SLUsb.sys
2013-09-19 05:42:50 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\GoPro
2013-09-19 05:29:21 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\GoPro
2013-09-19 05:29:00 -------- d-----w- C:\Program Files (x86)\CineForm
2013-09-19 05:28:06 -------- d-----w- C:\Program Files (x86)\GoPro
2013-09-19 03:49:51 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-19 01:42:24 -------- d-----w- C:\ProgramData\Oracle
2013-09-19 01:41:28 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-19 01:41:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-18 23:50:37 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\Ableton
2013-09-18 23:45:57 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2013-09-18 23:44:10 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\uTorrent
2013-09-18 23:43:36 -------- d-----w- C:\ProgramData\Ableton
2013-09-18 03:06:25 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-09-18 02:37:24 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Apple Computer
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-18 01:49:44 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Apple
2013-09-18 01:48:45 53248 ----a-r- C:\Users\Rushnlabs\AppData\Roaming\Microsoft\Installer\{B2BE8E3F-17E8-4784-A1FC-510575EE0223}\ARPPRODUCTICON.exe
2013-09-18 01:48:41 -------- d-----w- C:\Program Files (x86)\Common Files\Serato
2013-09-18 01:28:07 -------- d-----w- C:\temp
2013-09-18 01:27:38 122880 ----a-r- C:\Users\Rushnlabs\AppData\Roaming\Microsoft\Installer\{EA21EB55-073F-4CF5-A964-0412E755955A}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2013-09-18 01:27:38 122880 ----a-r- C:\Users\Rushnlabs\AppData\Roaming\Microsoft\Installer\{EA21EB55-073F-4CF5-A964-0412E755955A}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2013-09-18 01:27:36 -------- d-----w- C:\Program Files (x86)\Serato
2013-09-18 01:27:14 -------- d-----w- C:\Windows\Downloaded Installations
2013-09-17 03:55:45 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Sanford,_L.P
2013-09-17 03:43:06 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\DYMO
2013-09-17 03:42:53 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\assembly
2013-09-17 03:20:07 -------- d-----w- C:\Program Files (x86)\DYMO
2013-09-17 03:20:01 -------- d-----w- C:\ProgramData\DYMO
2013-09-17 03:08:04 -------- d-----w- C:\Program Files\DYMO LabelWriter Drivers
2013-09-17 02:09:46 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Adobe
2013-09-16 04:36:11 -------- d-----w- C:\Windows\PCHEALTH
2013-09-16 02:41:58 -------- d-----w- C:\Program Files (x86)\Common Files\Telespree
2013-09-16 02:41:38 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Hewlett-Packard_Developme
2013-09-16 02:01:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-09-16 01:55:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-09-16 01:32:40 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-16 01:21:03 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\Malwarebytes
2013-09-16 01:20:48 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-16 01:20:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-16 01:20:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 01:16:21 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Programs
2013-09-15 23:52:19 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-09-15 23:50:49 -------- d-----w- C:\Windows\SHELLNEW
2013-09-15 23:49:07 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Microsoft Help
2013-09-15 23:37:30 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Google
2013-09-15 23:36:54 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2013-09-15 23:36:54 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
2013-09-15 23:36:54 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys
2013-09-15 23:36:54 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
2013-09-15 23:36:54 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys
2013-09-15 23:36:53 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys
2013-09-15 23:36:43 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003
2013-09-15 23:36:01 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Apps
2013-09-15 23:36:00 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Deployment
2013-09-15 06:21:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-09-15 06:21:44 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-09-15 06:12:40 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2013-09-14 21:14:05 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-09-14 10:07:40 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\HP
2013-09-14 10:07:35 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\AuthenTec
2013-09-14 09:38:09 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-09-14 09:38:09 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-09-14 09:38:09 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-09-14 09:38:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-09-14 09:38:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-09-14 09:38:08 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-09-14 09:38:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2013-09-14 09:38:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2013-09-14 09:38:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-09-14 09:38:06 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2013-09-14 09:36:53 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-09-14 09:35:53 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-09-14 09:35:53 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-09-14 09:35:53 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-09-14 09:35:53 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-09-14 09:35:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-09-14 09:35:26 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-14 09:35:26 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-14 09:35:03 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-09-14 09:35:03 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-09-14 09:35:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-09-14 09:35:01 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-09-14 09:33:54 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-09-14 09:33:54 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-09-14 09:33:53 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-09-14 09:33:53 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-09-14 09:30:14 67072 ----a-w- C:\Windows\splwow64.exe
2013-09-14 09:30:14 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-09-14 09:24:51 -------- d-----w- C:\ProgramData\Synaptics
2013-09-14 09:18:59 -------- d-----w- C:\Windows\SysWow64\Wat
2013-09-14 09:18:59 -------- d-----w- C:\Windows\System32\Wat
2013-09-14 08:50:55 -------- d-----w- C:\Windows\System32\MRT
2013-09-14 08:43:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-14 08:43:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-09-14 08:43:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-14 08:43:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-14 08:24:39 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-09-14 08:24:39 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-09-14 08:24:39 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-09-14 08:24:39 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-09-14 08:23:49 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-09-14 08:23:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-09-14 08:23:49 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-09-14 08:23:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-09-14 08:23:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-09-14 08:23:48 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-09-14 08:23:48 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-09-14 08:07:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-09-14 08:07:05 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-09-14 08:07:05 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-09-14 08:07:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-09-14 08:07:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-09-14 07:55:18 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-14 07:53:57 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-14 07:51:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-09-14 07:51:27 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-09-14 07:51:07 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-09-14 07:51:07 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-09-14 07:50:20 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-09-14 07:50:20 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-09-14 07:49:45 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-09-14 07:49:45 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-09-14 07:49:45 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-09-14 07:46:25 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-14 07:45:33 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-09-14 07:45:33 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-09-14 07:45:33 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-09-14 07:45:33 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-09-14 07:45:02 605552 ----a-w- C:\Windows\System32\winload.exe
2013-09-14 07:45:02 566208 ----a-w- C:\Windows\System32\winresume.efi
2013-09-14 07:45:01 642944 ----a-w- C:\Windows\System32\winload.efi
2013-09-14 07:45:01 518672 ----a-w- C:\Windows\System32\winresume.exe
2013-09-14 07:45:01 20352 ----a-w- C:\Windows\System32\kdusb.dll
2013-09-14 07:45:01 19328 ----a-w- C:\Windows\System32\kd1394.dll
2013-09-14 07:45:01 17792 ----a-w- C:\Windows\System32\kdcom.dll
2013-09-14 07:44:51 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-09-14 07:44:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-09-14 07:44:49 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-09-14 07:44:49 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-09-14 07:41:55 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-14 07:40:03 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-14 07:40:02 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-09-14 07:40:02 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-09-14 07:39:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-09-14 07:39:39 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-14 07:39:31 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-09-14 07:38:26 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-14 07:38:26 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-14 07:38:25 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-09-14 07:38:23 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-09-14 07:38:23 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-09-14 07:38:23 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-09-14 07:36:54 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-09-14 07:36:54 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-09-14 07:36:54 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-09-14 07:36:54 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-09-14 07:35:41 2871808 ----a-w- C:\Windows\explorer.exe
2013-09-14 07:35:41 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-09-14 07:35:38 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-09-14 07:35:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-09-14 07:34:26 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-09-14 07:34:26 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-09-14 07:29:49 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-09-14 07:29:49 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-09-14 07:29:12 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2013-09-14 07:28:54 77312 ----a-w- C:\Windows\System32\packager.dll
2013-09-14 07:28:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-09-14 07:16:00 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-14 06:42:35 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Diagnostics
2013-09-14 06:39:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-09-14 06:39:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-09-14 06:39:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-09-14 06:34:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-14 06:34:12 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-14 06:33:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-14 06:33:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-14 06:33:14 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\AMD
2013-09-14 06:33:05 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\ATI
2013-09-14 06:32:19 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Broadcom
2013-09-14 06:32:05 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\Synaptics
2013-09-14 06:32:04 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\hpqLog
2013-09-14 06:31:02 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\RemEngine
2013-09-14 06:27:37 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Hewlett-Packard
2013-09-14 06:27:23 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Hewlett-Packard_Company
2013-09-14 06:26:24 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\VirtualStore
2013-09-05 20:06:12 1443328 ----a-w- C:\Windows\System32\CFHD.dll
2013-09-05 20:03:20 1474560 ----a-w- C:\Windows\SysWow64\CFHD.dll
.
==================== Find3M  ====================
.
2013-09-19 01:41:03 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-14 07:11:42 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-08-16 04:35:22 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2013-08-16 04:35:16 2838200 ----a-w- C:\Windows\System32\libmmd.dll
2013-08-16 04:35:14 633008 ----a-w- C:\Windows\SysWow64\ippjw7-6.1.dll
2013-08-16 04:35:14 534712 ----a-w- C:\Windows\SysWow64\libiomp5md.dll
2013-08-16 04:35:14 529080 ----a-w- C:\Windows\System32\libiomp5md.dll
2013-08-16 04:35:14 509624 ----a-w- C:\Windows\System32\libguide40.dll
2013-08-16 04:35:14 473272 ----a-w- C:\Windows\SysWow64\libguide40.dll
2013-08-16 04:35:14 3586232 ----a-w- C:\Windows\SysWow64\libmmd.dll
2013-08-16 04:35:14 239792 ----a-w- C:\Windows\SysWow64\ipps-6.1.dll
2013-08-16 04:35:14 129200 ----a-w- C:\Windows\SysWow64\ippvc-6.1.dll
2013-08-16 04:35:14 129200 ----a-w- C:\Windows\SysWow64\ippcore-6.1.dll
2013-08-16 04:35:14 104624 ----a-w- C:\Windows\SysWow64\ippj-6.1.dll
2013-08-09 10:02:14 66264 ----a-w- C:\Windows\System32\btwdi.dll
2013-08-09 10:02:14 2232024 ----a-w- C:\Windows\System32\BcmBtRSupport.dll
2013-08-09 10:02:14 170712 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
2013-08-09 10:02:14 166104 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2013-08-09 10:02:12 2252504 ----a-w- C:\Windows\System32\BtwRSupportService.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 16:14:09.65 ===============
 

 



#2 iswearimnotparanoid (Topic Starter)
Posted 25 September 2013 - 02:09 AM

I had run 'RogueKiller' prior to the above log (and reading the instructions on this forum), which detected 2 Registry Entries & deleted them. Here's a copy of that log just in case it's relevant.

 

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rushnlabs [Admin rights]
Mode : Remove -- Date : 09/25/2013 15:47:19
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] c9ed977436e605b933ff3dc05328406a
[BSP] 253fe50e54e3ba0b85cc9e08294834e4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700547 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1435129856 | Size: 14554 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6d9de099117179b5ae316c0decf29117
[BSP] 253fe50e54e3ba0b85cc9e08294834e4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - WD My Passport 0740 USB Device +++++
--- User ---
[MBR] 0edf6d74277cbf53326024140954c17f
[BSP] fdbfd5c3900bba49e56c79efbc312c7f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476907 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_D_09252013_154719.txt >>
RKreport[0]_S_09252013_151956.txt


#3 iswearimnotparanoid (Topic Starter)
Posted 25 September 2013 - 02:18 AM

Malwarebytes log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.24.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Rushnlabs :: DDAY [administrator]
 
Protection: Enabled
 
25/09/2013 4:53:24 PM
mbam-log-2013-09-25 (16-53-24).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 198874
Time elapsed: 5 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#4 iswearimnotparanoid (Topic Starter)
Posted 28 September 2013 - 06:09 PM

OK, I am pretty certain something's up. I took a look in my Registry and found this suspicious item:

Attached Files



#5 iswearimnotparanoid (Topic Starter)
Posted 28 September 2013 - 10:24 PM

Please? Someone reply?

Here's my 'HijackThis' log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:21:39 AM, on 29/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\Rushnlabs\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: CineForm Status.lnk = C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2011/07/20 21:18:45 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12255 bytes


#6 HelpBot (Bleepin' Binary Bot, Bots)

Posted 30 September 2013 - 02:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/508904 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 iswearimnotparanoid (Topic Starter)

Posted 30 September 2013 - 09:38 AM

Yes I still need help!

I am concerned that somehow my computer is allowing some form of Remote Desktop / Hidden Connection / RAT Services.

My **gut** instinct is perhaps some modified version of TeamViewer which has been embedded in system processes so that it is undetectable by me. The person whom I suspected of doing this denied everything & said they don't use any of that sort of software, however when he/she showed me their pc I located several programs such as Gotomypc, IPCam, TeamViewer and other remote services. I copied his teamviewer log (a program he said he never uses) & emailed it to myself and it shows many remote connections, webcam recordings, etc. I just couldn't find anything to "identify" it as being my pc.

The laptop has been running extremely hot, and things just don't seem right. Weird behaviours with my network connections, file permissions & users, etc.

When I try to "stop" currently running processes I get "access denied" and things just don't seem right.

I do not have a Windows 7 disc as it came pre-loaded on the laptop.

I've been messing around with av programs & trying to fix this the last few days as I didn't think anyone on this forum would reply - So hopefully I haven't done much damage :S I'm one step away from buying a new pc.



#8 iswearimnotparanoid (Topic Starter)

Posted 30 September 2013 - 09:49 AM

Here is the new DDS Log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by Rushnlabs at 0:41:02 on 2013-10-01
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.7659.5803 [GMT 10:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F0020F86-3882-4FED-9CFB-3F9DE4DDBB6A} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F0020F86-3882-4FED-9CFB-3F9DE4DDBB6A}\24967605F6E646147313346313 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{F0020F86-3882-4FED-9CFB-3F9DE4DDBB6A}\777777E237472756564726F616274696E676E2F62776 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-5 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-5 38528]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2013-9-16 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2013-9-16 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-24 1525848]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130927.001\IDSviA64.sys [2013-9-28 520280]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2013-9-16 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2013-9-16 386168]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-8-9 2252504]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-21 2375168]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2013-9-16 130008]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-18 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-21 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-18 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-18 115216]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-21 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-29 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-14 140376]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-7-21 337512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-21 47232]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/20 21:18:45;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-26 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-14 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-14 30208]
S3 TTM57SLUsb;TTM 57SL USB driver;C:\Windows\System32\drivers\TTM57SLUsb.sys [2013-9-22 49144]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 60 ================
.
2013-09-30 01:53:37 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\TuneUp Software
2013-09-30 01:53:17 -------- d-----w- C:\ProgramData\TuneUp Software
2013-09-30 01:53:15 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-30 01:53:15 -------- d--h--w- C:\ProgramData\Common Files
2013-09-30 01:52:05 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\OpenCandy
2013-09-30 01:27:35 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-30 01:14:25 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Diagnostics
2013-09-29 23:54:22 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\ATI
2013-09-29 10:32:15 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\SUPERAntiSpyware.com
2013-09-29 09:49:32 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\ElevatedDiagnostics
2013-09-29 09:45:54 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\temp
2013-09-29 09:19:20 -------- d-----w- C:\ProgramData\SecTaskMan
2013-09-29 04:13:32 98816 ----a-w- C:\Windows\sed.exe
2013-09-29 04:13:32 256000 ----a-w- C:\Windows\PEV.exe
2013-09-29 04:13:32 208896 ----a-w- C:\Windows\MBR.exe
2013-09-29 03:27:23 -------- d-----w- C:\Windows\pss
2013-09-28 15:00:47 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll
2013-09-28 15:00:47 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2013-09-28 14:58:13 -------- d-----w- C:\Program Files (x86)\Ableton
2013-09-25 10:44:26 -------- d-----w- C:\Snort
2013-09-25 07:52:41 -------- d-----w- C:\Program Files\CCleaner
2013-09-22 01:36:42 49144 ----a-w- C:\Windows\System32\drivers\TTM57SLUsb.sys
2013-09-19 05:42:50 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\GoPro
2013-09-19 05:29:21 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\GoPro
2013-09-19 05:29:00 -------- d-----w- C:\Program Files (x86)\CineForm
2013-09-19 05:28:06 -------- d-----w- C:\Program Files (x86)\GoPro
2013-09-19 01:42:24 -------- d-----w- C:\ProgramData\Oracle
2013-09-19 01:41:28 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-19 01:41:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-18 23:50:37 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\Ableton
2013-09-18 23:45:57 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2013-09-18 23:44:10 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\uTorrent
2013-09-18 23:43:36 -------- d-----w- C:\ProgramData\Ableton
2013-09-18 03:06:25 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-09-18 02:37:24 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Apple Computer
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-18 01:54:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-18 01:49:44 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Apple
2013-09-18 01:48:45 53248 ----a-r- C:\Users\Rushnlabs\AppData\Roaming\Microsoft\Installer\{B2BE8E3F-17E8-4784-A1FC-510575EE0223}\ARPPRODUCTICON.exe
2013-09-18 01:48:41 -------- d-----w- C:\Program Files (x86)\Common Files\Serato
2013-09-18 01:28:07 -------- d-----w- C:\temp
2013-09-18 01:27:38 122880 ----a-r- C:\Users\Rushnlabs\AppData\Roaming\Microsoft\Installer\{EA21EB55-073F-4CF5-A964-0412E755955A}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2013-09-18 01:27:38 122880 ----a-r- C:\Users\Rushnlabs\AppData\Roaming\Microsoft\Installer\{EA21EB55-073F-4CF5-A964-0412E755955A}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2013-09-18 01:27:36 -------- d-----w- C:\Program Files (x86)\Serato
2013-09-18 01:27:14 -------- d-----w- C:\Windows\Downloaded Installations
2013-09-17 03:55:45 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Sanford,_L.P
2013-09-17 03:43:06 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\DYMO
2013-09-17 03:42:53 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\assembly
2013-09-17 03:20:01 -------- d-----w- C:\ProgramData\DYMO
2013-09-17 03:08:04 -------- d-----w- C:\Program Files\DYMO LabelWriter Drivers
2013-09-17 02:09:46 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Adobe
2013-09-16 04:36:11 -------- d-----w- C:\Windows\PCHEALTH
2013-09-16 02:41:58 -------- d-----w- C:\Program Files (x86)\Common Files\Telespree
2013-09-16 02:41:38 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Hewlett-Packard_Developme
2013-09-16 02:01:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-09-16 01:55:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-09-16 01:32:40 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-16 01:21:03 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\Malwarebytes
2013-09-16 01:20:48 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-16 01:20:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-16 01:20:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 01:16:21 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Programs
2013-09-15 23:52:19 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-09-15 23:50:49 -------- d-----w- C:\Windows\SHELLNEW
2013-09-15 23:49:07 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Microsoft Help
2013-09-15 23:37:30 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Google
2013-09-15 23:36:54 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2013-09-15 23:36:54 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
2013-09-15 23:36:54 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys
2013-09-15 23:36:54 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
2013-09-15 23:36:54 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys
2013-09-15 23:36:53 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys
2013-09-15 23:36:43 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003
2013-09-15 23:36:01 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Apps
2013-09-15 23:36:00 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Deployment
2013-09-15 06:21:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-09-15 06:21:44 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-09-15 06:12:40 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2013-09-14 21:14:05 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-09-14 10:07:40 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\HP
2013-09-14 10:07:35 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\AuthenTec
2013-09-14 09:38:09 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-09-14 09:38:09 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-09-14 09:38:09 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-09-14 09:38:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-09-14 09:38:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-09-14 09:38:08 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-09-14 09:38:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2013-09-14 09:38:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2013-09-14 09:38:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-09-14 09:38:06 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2013-09-14 09:36:53 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-09-14 09:35:53 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2013-09-14 09:35:53 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-09-14 09:35:53 331776 ----a-w- C:\Windows\System32\oleacc.dll
2013-09-14 09:35:53 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2013-09-14 09:35:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-09-14 09:35:26 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-14 09:35:26 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-14 09:35:03 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-09-14 09:35:03 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-09-14 09:35:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-09-14 09:35:01 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-09-14 09:33:54 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-09-14 09:33:54 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-09-14 09:33:53 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-09-14 09:33:53 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-09-14 09:30:14 67072 ----a-w- C:\Windows\splwow64.exe
2013-09-14 09:30:14 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-09-14 09:24:51 -------- d-----w- C:\ProgramData\Synaptics
2013-09-14 09:18:59 -------- d-----w- C:\Windows\SysWow64\Wat
2013-09-14 09:18:59 -------- d-----w- C:\Windows\System32\Wat
2013-09-14 08:50:55 -------- d-----w- C:\Windows\System32\MRT
2013-09-14 08:43:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-14 08:43:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-09-14 08:43:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-14 08:43:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-14 08:24:39 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-09-14 08:24:39 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-09-14 08:24:39 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-09-14 08:24:39 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-09-14 08:23:49 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-09-14 08:23:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-09-14 08:23:49 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-09-14 08:23:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-09-14 08:23:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-09-14 08:23:48 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-09-14 08:23:48 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-09-14 08:07:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-09-14 08:07:05 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-09-14 08:07:05 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-09-14 08:07:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-09-14 08:07:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-09-14 07:55:18 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-14 07:53:57 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-14 07:51:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-09-14 07:51:27 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-09-14 07:51:07 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-09-14 07:51:07 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-09-14 07:50:20 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-09-14 07:50:20 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-09-14 07:49:45 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-09-14 07:49:45 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-09-14 07:49:45 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-09-14 07:46:25 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-14 07:45:33 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-09-14 07:45:33 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-09-14 07:45:33 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-09-14 07:45:33 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-09-14 07:45:02 605552 ----a-w- C:\Windows\System32\winload.exe
2013-09-14 07:45:02 566208 ----a-w- C:\Windows\System32\winresume.efi
2013-09-14 07:45:01 642944 ----a-w- C:\Windows\System32\winload.efi
2013-09-14 07:45:01 518672 ----a-w- C:\Windows\System32\winresume.exe
2013-09-14 07:45:01 20352 ----a-w- C:\Windows\System32\kdusb.dll
2013-09-14 07:45:01 19328 ----a-w- C:\Windows\System32\kd1394.dll
2013-09-14 07:45:01 17792 ----a-w- C:\Windows\System32\kdcom.dll
2013-09-14 07:44:51 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-09-14 07:44:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-09-14 07:44:49 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-09-14 07:44:49 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-09-14 07:41:55 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-14 07:40:03 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-14 07:40:02 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-09-14 07:40:02 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-09-14 07:39:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-09-14 07:39:39 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-14 07:39:31 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-09-14 07:38:26 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-14 07:38:26 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-14 07:38:25 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-09-14 07:38:23 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-09-14 07:38:23 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-09-14 07:38:23 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-09-14 07:36:54 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-09-14 07:36:54 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-09-14 07:36:54 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-09-14 07:36:54 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-09-14 07:35:41 2871808 ----a-w- C:\Windows\explorer.exe
2013-09-14 07:35:41 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-09-14 07:35:38 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-09-14 07:35:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-09-14 07:34:26 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-09-14 07:34:26 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-09-14 07:29:49 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-09-14 07:29:49 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-09-14 07:29:12 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2013-09-14 07:28:54 77312 ----a-w- C:\Windows\System32\packager.dll
2013-09-14 07:28:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-09-14 07:16:00 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-14 06:39:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-09-14 06:39:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-09-14 06:39:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-09-14 06:34:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-14 06:34:12 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-14 06:33:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-14 06:33:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-14 06:33:14 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\AMD
2013-09-14 06:32:19 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Broadcom
2013-09-14 06:32:05 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\Synaptics
2013-09-14 06:32:04 -------- d-----w- C:\Users\Rushnlabs\AppData\Roaming\hpqLog
2013-09-14 06:31:02 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\RemEngine
2013-09-14 06:27:37 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Hewlett-Packard
2013-09-14 06:27:23 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\Hewlett-Packard_Company
2013-09-14 06:26:24 -------- d-----w- C:\Users\Rushnlabs\AppData\Local\VirtualStore
2013-09-05 20:06:12 1443328 ----a-w- C:\Windows\System32\CFHD.dll
2013-09-05 20:03:20 1474560 ----a-w- C:\Windows\SysWow64\CFHD.dll
2013-08-16 04:35:22 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2013-08-16 04:35:16 2838200 ----a-w- C:\Windows\System32\libmmd.dll
2013-08-16 04:35:14 633008 ----a-w- C:\Windows\SysWow64\ippjw7-6.1.dll
2013-08-16 04:35:14 534712 ----a-w- C:\Windows\SysWow64\libiomp5md.dll
2013-08-16 04:35:14 529080 ----a-w- C:\Windows\System32\libiomp5md.dll
2013-08-16 04:35:14 509624 ----a-w- C:\Windows\System32\libguide40.dll
2013-08-16 04:35:14 473272 ----a-w- C:\Windows\SysWow64\libguide40.dll
2013-08-16 04:35:14 3586232 ----a-w- C:\Windows\SysWow64\libmmd.dll
2013-08-16 04:35:14 239792 ----a-w- C:\Windows\SysWow64\ipps-6.1.dll
2013-08-16 04:35:14 129200 ----a-w- C:\Windows\SysWow64\ippvc-6.1.dll
2013-08-16 04:35:14 129200 ----a-w- C:\Windows\SysWow64\ippcore-6.1.dll
2013-08-16 04:35:14 104624 ----a-w- C:\Windows\SysWow64\ippj-6.1.dll
2013-08-13 21:53:56 18634944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-08-09 10:02:14 66264 ----a-w- C:\Windows\System32\btwdi.dll
2013-08-09 10:02:14 2232024 ----a-w- C:\Windows\System32\BcmBtRSupport.dll
2013-08-09 10:02:14 170712 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
2013-08-09 10:02:14 166104 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2013-08-09 10:02:12 2252504 ----a-w- C:\Windows\System32\BtwRSupportService.exe
.
==================== Find6M  ====================
.
2013-09-19 01:41:03 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-14 07:11:42 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-04-30 17:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-04-30 17:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH:  0:41:24.74 ===============
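As an added example (not code from this thread or from DDS itself), here is a parser for the SERVICES / DRIVERS section of the log above together with the checks a helper makes when reading it: whether each binary sits in a normal location, whether the file is still present, and which remote-access components exist and in what state. The sample lines are copied from the log plus two constructed ones; the keyword watchlist and the `[?]` convention for unreadable files are assumptions.

```python
r"""Parse the SERVICES / DRIVERS section of a DDS log and triage its entries.

Line layout, taken from the log in this thread:
  <R|S><start> <service name>;<display name>;<image path> [<yyyy-m-d> <size>]
R means running and S stopped; the digit is the Windows start type
(0 boot, 1 system, 2 automatic, 3 on demand, 4 disabled). Entries whose file
could not be read are assumed to carry [?] instead of a date and size.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

START_TYPES = {"0": "boot", "1": "system", "2": "automatic",
               "3": "on demand", "4": "disabled"}

# Where Windows and properly installed software keep service binaries.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\programdata\\")

# Name fragments of remote-control or remote-input components (assumed
# watchlist). A hit means "check location and state", not "compromised".
REMOTE_KEYWORDS = ("remote desktop", "rdp", "tsusb", "vnc", "gotomypc")

_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?:(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)|\?)\]\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    date: Optional[str]   # None when the log shows [?] for the file
    size: Optional[int]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; return None for separators and non-service lines."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        name=m["name"], display=m["display"], path=m["path"],
        running=(m["state"] == "R"),
        start_type=START_TYPES[m["start"]],
        date=m["date"],
        size=int(m["size"]) if m["size"] else None,
    )


def parse_section(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> review flags; entries with nothing to note are left out."""
    flags: Dict[str, List[str]] = {}
    for e in entries:
        hits: List[str] = []
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            hits.append("unusual-location")      # binary outside the usual roots
        if e.date is None:
            hits.append("file-missing")          # registration points at nothing
        if any(k in f"{e.name} {e.display}".lower() for k in REMOTE_KEYWORDS):
            state = "running" if e.running else "stopped"
            hits.append(f"remote-access-component ({state}, start={e.start_type})")
        if hits:
            flags[e.name] = hits
    return flags


# Five lines copied from the log above plus two constructed ones (the last two).
SAMPLE_LOG = r"""
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-5 78976]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2013-9-16 130008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-14 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-14 30208]
R2 ConstructedUpdater;Constructed Updater;C:\Users\example\AppData\Roaming\updater.exe [2013-9-29 40960]
S3 ConstructedOrphan;Constructed Orphan;C:\Windows\System32\drivers\orphan.sys [?]
"""

if __name__ == "__main__":
    for name, hits in triage(parse_section(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(hits)}")
```

Run as a script it prints only the flagged entries; for the three Remote Desktop drivers from the log the flag records them as stopped, on-demand drivers under System32, which is how the built-in Windows components normally appear.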
#9 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 01 October 2013 - 01:58 AM

Hello, my name is Elise and I'll assist you with this issue.
 
First of all, if someone is googling to find remote accessing tools and options, it is unlikely they have the skill to actually deploy them (if they knew what they were doing they wouldn't be using Google, for one). Hacking a computer takes more than that, and while there are a lot of remote controlling applications that are legitimate, getting one on a system you don't have access to without the user's consent requires a malicious file (a trojan or similar). That means you'd have at some point (unknowingly) executed the bad file. While this is not impossible, I don't see evidence of it in your logs.

The user account you found in the screenshot is the TrustedInstaller account, which is a legitimate and default Windows account.

That being said, to be sure, let's run the following tool.

We need to run a scan with ComboFix:
  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button and save the file to your desktop.
  • Disable any anti-virus and/or firewall software you have installed (instructions can be found here if needed).
  • Close all open windows including your web browser (as mentioned in the first post, you may want to print out all instructions before starting).
  • Double-click on the ComboFix icon on your desktop.
  • Read the Disclaimer and click I Agree if you want to run the software; you should then see ComboFix's "preparing to run" window.
  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.
    However, if you see the prompt to download the Microsoft Windows Recovery Console, please click Yes.
    If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode.
  • Allow ComboFix to reboot the computer if necessary; it will run again after you log back in.
  • When complete, a log file will be displayed. Please copy and paste the contents of this file into your next post.
More information about downloading and using ComboFix can be found here if needed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#10 iswearimnotparanoid

  • Topic Starter
  • Members
  • 26 posts
  • Gender:Male

Posted 03 October 2013 - 05:44 PM

Argh!!! This is driving me insane. Take a look at these suspicious logs from when I ran a registry cleaner: the invalid firewall rules. These have got to be concrete evidence that someone is remotely messing with my computer. NONE of those program file directories exist on my PC and I've never even heard of them before. They've gotta be from the remote PC.

Invalid firewall rule MCX-In-TCP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Out-TCP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-In-UDP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Out-UDP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Prov-Out-TCP - %SystemRoot%\ehome\mcx2prov.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-McrMgr-Out-TCP - %SystemRoot%\ehome\mcrmgr.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-In-TCP-NoScope - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-Out-TCP-NoScope - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-WSD-In-UDP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-WSD-Out-UDP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-In-TCP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-Out-TCP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {5089B36F-63F7-4BD6-9949-2B3D02ACECE3} - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {1D7186AE-4045-4748-8D12-6F6FC6A5C1AA} - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {72065031-1BF3-4F91-B949-0DE7443A32EA} - C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {37E3F20F-DE20-4516-B208-CC46191BDD72} - C:\Program Files (x86)\Skype\Phone\Skype.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {AD29B28E-7AA3-4C13-8BCB-E7373F378ED2} - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {AF4AE69A-970E-423A-BC81-27A1EA6D36DD} - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {9B15F693-7BE6-4C83-ACC0-C481A95321E0} - C:\Program Files (x86)\Windows Live\Mesh\MOE.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe - C:\program files (x86)\valve\portal 2\portal2.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe - C:\program files (x86)\valve\portal 2\portal2.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {9CD09840-B549-4F75-9EEB-6BE3B543DAE8} - C:\Program Files\ma-config.com\x64\maconfservice.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {7B0CA09B-E132-4AA1-8B28-59AA97CB5C57} - C:\Program Files\ma-config.com\x64\maconfservice.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {DDBDFF88-AB5D-48C8-97E3-C62C37C73A65} - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {098976E5-15FD-484D-A487-16CB85708525} - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {B8B4E785-9232-4B9A-8B01-74C63AC2AA26} - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {204A6AA5-9247-4962-B215-AE31E13E695F} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe - C:\program files\hexchat\hexchat.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe - C:\program files\hexchat\hexchat.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {75F7ED18-0511-4362-A6A1-FD4D619DE3ED} - C:\program files\hexchat\hexchat.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {4DA3135C-FE3A-4327-9163-37CEA0209ED3} - C:\program files\hexchat\hexchat.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 04 October 2013 - 02:07 AM

Actually, this is no sign at all of anything malicious. It simply means that at some point a firewall rule was created for these programs, but since the program no longer exists, the rule is invalid (you can't have a valid rule for a non-existent file). Added to that, it's not recommended to run registry cleaners; they have the potential to do more harm than good.

 

If you still require help, continue with the steps provided in my previous post.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
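The point Elise makes above (a rule whose program path no longer exists is simply stale, not a trace of anyone else's machine) can be checked directly instead of relying on a registry cleaner's report. The PowerShell script below is an added example and is not from Elise, the thread or BleepingComputer. It reads the same FirewallRules registry key the cleaner listed (under CurrentControlSet rather than ControlSet001, which on a running system normally points at the same control set), parses each rule value, expands variables such as %SystemRoot%, and reports only the rules whose program is missing on disk. It is read-only and deletes nothing; the function name Get-StaleFirewallRule is the example's own.

```powershell
# Added example, not from the thread: list Windows Firewall rules whose App path
# does not exist on disk. Read-only; nothing is modified or removed.
function Get-StaleFirewallRule {
    # Same key the registry cleaner reported, via the CurrentControlSet alias.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $rules = Get-ItemProperty -Path $key

    foreach ($prop in $rules.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSChildName etc.; they are not rules.
        if ($prop.Name -like 'PS*') { continue }

        # Each value is a pipe-delimited list of Field=Value tokens, for example:
        # v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\ehome\ehshell.exe|Name=...
        $fields = @{}
        foreach ($token in ([string]$prop.Value).Split('|')) {
            $i = $token.IndexOf('=')
            if ($i -gt 0) { $fields[$token.Substring(0, $i)] = $token.Substring($i + 1) }
        }

        # Rules not bound to a program (port-only or service rules) cannot be stale.
        if (-not $fields.ContainsKey('App')) { continue }

        # Expand %SystemRoot%, %ProgramFiles% and similar before testing the path;
        # testing the raw string would wrongly flag every built-in rule.
        $app = [Environment]::ExpandEnvironmentVariables($fields['App'])

        if (-not (Test-Path -LiteralPath $app -PathType Leaf)) {
            # New-Object rather than [pscustomobject] so it also runs on the
            # PowerShell 2.0 that ships with Windows 7.
            New-Object PSObject -Property @{
                Rule = $prop.Name
                Name = $fields['Name']
                App  = $app
            }
        }
    }
}

# Usage: run from an elevated, 64-bit PowerShell on the machine being checked.
Get-StaleFirewallRule | Sort-Object App | Format-Table Rule, App -AutoSize
```

Two things to keep in mind when reading the output. First, the MCX and NetPres rules in the list above reference %SystemRoot%; a tool that tests the unexpanded string will report the file as missing even when it is present, so the script expands variables first. Second, built-in rules often carry a Name of the form @somefile.dll,-12345 (a resource string) rather than plain text; that is normal. A rule that still shows up here points at a program that was uninstalled or moved and the rule was simply left behind, which is the situation Elise describes.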


#12 iswearimnotparanoid

iswearimnotparanoid
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male

Posted 05 October 2013 - 11:29 PM

OK. But I am nearly 100% certain there is some form of remote access happening to my PC. Here's the ComboFix log:

 

ComboFix 13-10-04.02 - Rushnlabs 06/10/2013  14:01:32.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.7659.5931 [GMT 10:00]
Running from: c:\users\Rushnlabs\Desktop\123.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-06 to 2013-10-06  )))))))))))))))))))))))))))))))
.
.
2013-10-06 04:10 . 2013-10-06 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-04 05:44 . 2013-10-04 05:44 -------- d-----w- c:\programdata\Kaspersky Lab
2013-10-04 05:28 . 2013-10-04 05:28 61440 ----a-w- c:\windows\SysWow64\drivers\dgfmaptu.sys
2013-10-04 04:45 . 2013-10-04 04:45 208216 ----a-w- c:\windows\system32\drivers\94055109.sys
2013-10-03 22:50 . 2013-10-03 22:50 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-03 22:36 . 2013-10-03 22:36 -------- d-----w- c:\users\Public\CyberLink
2013-10-03 21:21 . 2013-10-03 21:21 -------- d-----w- C:\RegBackup
2013-10-03 18:23 . 2013-10-03 18:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-03 18:14 . 2013-10-04 04:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-10-03 04:22 . 2013-10-03 04:22 -------- d-----w- c:\program files (x86)\ESET
2013-10-03 04:19 . 2013-10-03 22:11 -------- d-----w- c:\program files\HitmanPro
2013-10-03 04:19 . 2013-10-04 05:04 -------- d-----w- c:\programdata\HitmanPro
2013-10-02 13:21 . 2013-10-03 22:12 -------- d-----w- C:\EEK
2013-10-02 13:11 . 2013-10-02 13:11 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-10-01 02:40 . 2013-10-01 02:40 -------- d-----w- C:\9b82ec5e9f7003df37cca0f6
2013-10-01 02:39 . 2011-06-10 05:32 246784 ----a-w- c:\windows\system32\input.dll
2013-10-01 02:39 . 2011-06-10 04:30 202240 ----a-w- c:\windows\SysWow64\input.dll
2013-10-01 02:38 . 2011-03-19 06:09 31744 ----a-w- c:\windows\system32\drivers\usbrpm.sys
2013-10-01 02:36 . 2013-10-01 02:36 -------- d-----w- c:\program files\ATI
2013-10-01 02:35 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-10-01 02:35 . 2013-10-01 02:35 -------- d-----w- c:\program files\ATI Technologies
2013-10-01 02:30 . 2013-10-01 02:30 -------- d-----w- c:\program files (x86)\Renesas Electronics
2013-10-01 02:25 . 2011-03-16 17:14 521728 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2013-10-01 02:25 . 2011-03-16 17:14 652288 ----a-w- c:\windows\system32\stapi64.dll
2013-10-01 02:25 . 2011-03-16 17:14 431616 ----a-w- c:\windows\system32\stcplx64.dll
2013-10-01 02:25 . 2011-03-16 17:14 1500672 ----a-w- c:\windows\system32\stapo64.dll
2013-10-01 02:25 . 2013-10-03 22:08 -------- d-----w- c:\program files\IDT
2013-10-01 00:11 . 2013-10-04 05:37 -------- d-----w- c:\windows\system32\drivers\NISx64\1500020.001
2013-09-30 21:15 . 2013-10-06 00:36 -------- d-----w- c:\program files (x86)\trend micro
2013-09-30 20:52 . 2013-09-30 20:52 -------- d-----w- c:\windows\ERUNT
2013-09-30 20:46 . 2013-10-04 09:23 -------- d-----w- C:\AdwCleaner
2013-09-30 01:54 . 2013-09-30 01:54 -------- d-----w- c:\program files (x86)\Windows Sidebar
2013-09-30 01:53 . 2013-09-30 01:58 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-30 01:53 . 2013-09-30 01:53 -------- d-----w- c:\programdata\Common Files
2013-09-29 09:19 . 2013-09-29 23:37 -------- d-----w- c:\programdata\SecTaskMan
2013-09-28 15:00 . 2011-03-29 04:38 368640 ----a-w- c:\windows\SysWow64\ReWire.dll
2013-09-28 15:00 . 2011-03-29 04:38 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2013-09-28 14:58 . 2013-09-28 14:58 -------- d-----w- c:\program files (x86)\Ableton
2013-09-25 07:52 . 2013-09-25 07:52 -------- d-----w- c:\program files\CCleaner
2013-09-22 01:36 . 2013-07-09 02:28 49144 ----a-w- c:\windows\system32\drivers\TTM57SLUsb.sys
2013-09-19 05:29 . 2013-09-19 05:29 -------- d-----w- c:\program files (x86)\CineForm
2013-09-19 05:28 . 2013-09-25 10:40 -------- d-----w- c:\program files\DIFX
2013-09-19 05:28 . 2013-09-19 05:38 -------- d-----w- c:\users\Public\CineForm
2013-09-19 05:28 . 2013-09-19 05:28 -------- d-----w- c:\program files (x86)\GoPro
2013-09-19 01:42 . 2013-09-19 01:42 -------- d-----w- c:\programdata\Oracle
2013-09-19 01:41 . 2013-09-19 01:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-19 01:41 . 2013-09-19 01:41 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-19 01:41 . 2013-09-19 01:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-18 23:45 . 2013-09-18 23:45 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2013-09-18 23:43 . 2013-09-28 15:37 -------- d-----w- c:\programdata\Ableton
2013-09-18 02:05 . 2013-09-18 02:05 -------- d-----w- c:\program files\WinRAR
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-18 01:54 . 2013-09-18 02:37 -------- d-----w- c:\programdata\Apple Computer
2013-09-18 01:54 . 2013-09-18 01:54 -------- d-----w- c:\program files (x86)\QuickTime
2013-09-18 01:50 . 2013-09-18 01:50 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-09-18 01:49 . 2013-09-18 01:49 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-09-18 01:49 . 2013-09-18 01:49 -------- d-----w- c:\programdata\Apple
2013-09-18 01:48 . 2013-09-18 01:48 -------- d-----w- c:\program files (x86)\Common Files\Serato
2013-09-18 01:28 . 2013-09-18 01:28 -------- d-----w- C:\temp
2013-09-18 01:27 . 2013-09-18 01:27 -------- d-----w- c:\program files (x86)\Serato
2013-09-18 01:27 . 2013-09-18 01:27 -------- d-----w- c:\windows\Downloaded Installations
2013-09-16 04:36 . 2013-09-16 04:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-09-16 04:36 . 2013-09-16 04:36 -------- d-----w- c:\windows\PCHEALTH
2013-09-16 04:32 . 2013-09-16 04:32 -------- d-----w- c:\program files\Microsoft Silverlight
2013-09-16 04:32 . 2013-09-16 04:32 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-09-16 02:01 . 2013-09-16 02:01 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-09-16 02:00 . 2013-09-16 02:00 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-09-16 01:55 . 2013-09-16 01:55 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-09-16 01:20 . 2013-09-16 01:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-16 01:20 . 2013-09-16 01:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-16 01:20 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-15 23:54 . 2013-09-15 23:54 -------- d-----w- c:\program files\Microsoft Office
2013-09-15 23:52 . 2013-09-15 23:52 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-09-15 23:50 . 2013-09-16 02:02 -------- d-----w- c:\windows\SHELLNEW
2013-09-15 23:48 . 2013-10-03 22:12 -------- d-----w- c:\programdata\Microsoft Help
2013-09-15 23:46 . 2013-09-15 23:46 -------- d-----r- C:\MSOCache
2013-09-15 23:37 . 2013-09-15 23:39 -------- d-----w- c:\program files (x86)\Google
2013-09-15 06:21 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-09-15 06:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-09-15 06:12 . 2013-08-05 19:32 78936 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-09-14 21:14 . 2013-09-14 21:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-09-14 09:38 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-09-14 09:38 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-09-14 09:38 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-09-14 09:38 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-09-14 09:38 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-09-14 09:38 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-09-14 09:38 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-09-14 09:38 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-09-14 09:38 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2013-09-14 09:38 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-09-14 09:38 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2013-09-14 09:36 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-14 09:35 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-14 09:35 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2013-09-14 09:35 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2013-09-14 09:35 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2013-09-14 09:35 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-09-14 09:35 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-14 09:35 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-14 09:35 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2013-09-14 09:35 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2013-09-14 09:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-09-14 09:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-09-14 09:33 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-09-14 09:33 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-09-14 09:33 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-09-14 09:33 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-09-14 09:30 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-09-14 09:30 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-09-14 09:24 . 2013-09-14 09:24 -------- d-----w- c:\programdata\Synaptics
2013-09-14 09:18 . 2013-09-14 09:18 -------- d-----w- c:\windows\SysWow64\Wat
2013-09-14 09:18 . 2013-09-14 09:18 -------- d-----w- c:\windows\system32\Wat
2013-09-14 08:50 . 2013-09-14 08:52 -------- d-----w- c:\windows\system32\MRT
2013-09-14 08:43 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-14 08:43 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-14 08:43 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-09-14 08:43 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-14 08:24 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-09-14 08:24 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-09-14 08:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-01 00:12 . 2011-07-21 04:14 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-09-19 01:41 . 2011-05-08 04:16 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-05 20:06 . 2013-09-05 20:06 1443328 ----a-w- c:\windows\system32\CFHD.dll
2013-09-05 20:03 . 2013-09-05 20:03 1474560 ----a-w- c:\windows\SysWow64\CFHD.dll
2013-08-16 04:35 . 2013-08-16 04:35 1060864 ----a-w- c:\windows\SysWow64\MFC71.dll
2013-08-16 04:35 . 2013-08-16 04:35 2838200 ----a-w- c:\windows\system32\libmmd.dll
2013-08-16 04:35 . 2013-08-16 04:35 633008 ----a-w- c:\windows\SysWow64\ippjw7-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 534712 ----a-w- c:\windows\SysWow64\libiomp5md.dll
2013-08-16 04:35 . 2013-08-16 04:35 529080 ----a-w- c:\windows\system32\libiomp5md.dll
2013-08-16 04:35 . 2013-08-16 04:35 509624 ----a-w- c:\windows\system32\libguide40.dll
2013-08-16 04:35 . 2013-08-16 04:35 473272 ----a-w- c:\windows\SysWow64\libguide40.dll
2013-08-16 04:35 . 2013-08-16 04:35 3586232 ----a-w- c:\windows\SysWow64\libmmd.dll
2013-08-16 04:35 . 2013-08-16 04:35 239792 ----a-w- c:\windows\SysWow64\ipps-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 129200 ----a-w- c:\windows\SysWow64\ippvc-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 129200 ----a-w- c:\windows\SysWow64\ippcore-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 104624 ----a-w- c:\windows\SysWow64\ippj-6.1.dll
2013-08-09 10:02 . 2013-08-09 10:02 66264 ----a-w- c:\windows\system32\btwdi.dll
2013-08-09 10:02 . 2013-08-09 10:02 2232024 ----a-w- c:\windows\system32\BcmBtRSupport.dll
2013-08-09 10:02 . 2013-08-09 10:02 170712 ----a-w- c:\windows\system32\drivers\bcbtums.sys
2013-08-09 10:02 . 2013-08-09 10:02 166104 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2013-08-09 10:02 . 2013-08-09 10:02 2252504 ----a-w- c:\windows\system32\BtwRSupportService.exe
2013-08-02 01:48 . 2013-09-14 07:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-07-20 113288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
R0 xfks;xfks;c:\windows\system32\drivers\dgfmaptu.sys;c:\windows\SYSNATIVE\drivers\dgfmaptu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\Drivers\TTM57SLUsb.sys;c:\windows\SYSNATIVE\Drivers\TTM57SLUsb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/20 21:18;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1500020.001\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1500020.001\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1500020.001\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1500020.001\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1500020.001\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXLDAPOB
*Deregistered* - CLKMDRV10_38F51D56
*Deregistered* - pxldapob
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 03:43 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 23:37]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 23:37]
.
2013-09-29 c:\windows\Tasks\HPCeeScheduleForDDAY$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-09-29 c:\windows\Tasks\HPCeeScheduleForRushnlabs.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-16 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1500020.001\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1;c:\program files (x86)\Norton Internet Security\Engine64\21.0.2.1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-06  14:22:54
ComboFix-quarantined-files.txt  2013-10-06 04:22
.
Pre-Run: 570,007,490,560 bytes free
Post-Run: 569,997,611,008 bytes free
.
- - End Of File - - A3B4ED30A29D60D7DD40E1821F69FF90
A36C5E4F47E84449FF07ED3517B43A31


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:54 PM

Posted 06 October 2013 - 01:54 AM

I see one suspicious driver, but besides that no evidence of remote control.

We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Press Windows key + R and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Rootkit::
c:\windows\system32\drivers\dgfmaptu.sys

Driver::
xfks
Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft


#14 iswearimnotparanoid

iswearimnotparanoid
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:54 PM

Posted 06 October 2013 - 10:25 AM

OK Done. Here is the log:


ComboFix 13-10-04.02 - Rushnlabs 06/10/2013  20:45:42.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.7659.5533 [GMT 10:00]
Running from: c:\users\Rushnlabs\Desktop\123.exe
Command switches used :: c:\users\Rushnlabs\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xfks
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-06 to 2013-10-06  )))))))))))))))))))))))))))))))
.
.
2013-10-06 11:41 . 2013-10-06 11:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-04 05:44 . 2013-10-04 05:44 -------- d-----w- c:\programdata\Kaspersky Lab
2013-10-04 05:28 . 2013-10-04 05:28 61440 ----a-w- c:\windows\SysWow64\drivers\dgfmaptu.sys
2013-10-04 04:45 . 2013-10-04 04:45 208216 ----a-w- c:\windows\system32\drivers\94055109.sys
2013-10-03 22:50 . 2013-10-03 22:50 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-03 22:36 . 2013-10-03 22:36 -------- d-----w- c:\users\Public\CyberLink
2013-10-03 21:21 . 2013-10-03 21:21 -------- d-----w- C:\RegBackup
2013-10-03 18:23 . 2013-10-03 18:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-03 18:14 . 2013-10-04 04:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-10-03 04:22 . 2013-10-03 04:22 -------- d-----w- c:\program files (x86)\ESET
2013-10-03 04:19 . 2013-10-03 22:11 -------- d-----w- c:\program files\HitmanPro
2013-10-03 04:19 . 2013-10-04 05:04 -------- d-----w- c:\programdata\HitmanPro
2013-10-02 13:21 . 2013-10-03 22:12 -------- d-----w- C:\EEK
2013-10-02 13:11 . 2013-10-02 13:11 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-10-01 02:40 . 2013-10-01 02:40 -------- d-----w- C:\9b82ec5e9f7003df37cca0f6
2013-10-01 02:39 . 2011-06-10 05:32 246784 ----a-w- c:\windows\system32\input.dll
2013-10-01 02:39 . 2011-06-10 04:30 202240 ----a-w- c:\windows\SysWow64\input.dll
2013-10-01 02:38 . 2011-03-19 06:09 31744 ----a-w- c:\windows\system32\drivers\usbrpm.sys
2013-10-01 02:36 . 2013-10-01 02:36 -------- d-----w- c:\program files\ATI
2013-10-01 02:35 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-10-01 02:35 . 2013-10-01 02:35 -------- d-----w- c:\program files\ATI Technologies
2013-10-01 02:30 . 2013-10-01 02:30 -------- d-----w- c:\program files (x86)\Renesas Electronics
2013-10-01 02:25 . 2011-03-16 17:14 521728 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2013-10-01 02:25 . 2011-03-16 17:14 652288 ----a-w- c:\windows\system32\stapi64.dll
2013-10-01 02:25 . 2011-03-16 17:14 431616 ----a-w- c:\windows\system32\stcplx64.dll
2013-10-01 02:25 . 2011-03-16 17:14 1500672 ----a-w- c:\windows\system32\stapo64.dll
2013-10-01 02:25 . 2013-10-03 22:08 -------- d-----w- c:\program files\IDT
2013-10-01 00:11 . 2013-10-04 05:37 -------- d-----w- c:\windows\system32\drivers\NISx64\1500020.001
2013-09-30 21:15 . 2013-10-06 00:36 -------- d-----w- c:\program files (x86)\trend micro
2013-09-30 20:52 . 2013-09-30 20:52 -------- d-----w- c:\windows\ERUNT
2013-09-30 20:46 . 2013-10-06 10:37 -------- d-----w- C:\AdwCleaner
2013-09-30 01:54 . 2013-09-30 01:54 -------- d-----w- c:\program files (x86)\Windows Sidebar
2013-09-30 01:53 . 2013-09-30 01:58 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-30 01:53 . 2013-09-30 01:53 -------- d-----w- c:\programdata\Common Files
2013-09-29 09:19 . 2013-09-29 23:37 -------- d-----w- c:\programdata\SecTaskMan
2013-09-28 15:00 . 2011-03-29 04:38 368640 ----a-w- c:\windows\SysWow64\ReWire.dll
2013-09-28 15:00 . 2011-03-29 04:38 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2013-09-28 14:58 . 2013-09-28 14:58 -------- d-----w- c:\program files (x86)\Ableton
2013-09-25 07:52 . 2013-09-25 07:52 -------- d-----w- c:\program files\CCleaner
2013-09-22 01:36 . 2013-07-09 02:28 49144 ----a-w- c:\windows\system32\drivers\TTM57SLUsb.sys
2013-09-19 05:29 . 2013-09-19 05:29 -------- d-----w- c:\program files (x86)\CineForm
2013-09-19 05:28 . 2013-09-19 05:38 -------- d-----w- c:\users\Public\CineForm
2013-09-19 05:28 . 2013-09-19 05:28 -------- d-----w- c:\program files (x86)\GoPro
2013-09-19 01:42 . 2013-09-19 01:42 -------- d-----w- c:\programdata\Oracle
2013-09-19 01:41 . 2013-09-19 01:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-19 01:41 . 2013-09-19 01:41 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-19 01:41 . 2013-09-19 01:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-18 23:45 . 2013-09-18 23:45 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2013-09-18 23:43 . 2013-09-28 15:37 -------- d-----w- c:\programdata\Ableton
2013-09-18 02:05 . 2013-09-18 02:05 -------- d-----w- c:\program files\WinRAR
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-18 01:54 . 2013-09-18 01:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-18 01:54 . 2013-09-18 02:37 -------- d-----w- c:\programdata\Apple Computer
2013-09-18 01:54 . 2013-09-18 01:54 -------- d-----w- c:\program files (x86)\QuickTime
2013-09-18 01:50 . 2013-09-18 01:50 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-09-18 01:49 . 2013-09-18 01:49 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-09-18 01:49 . 2013-09-18 01:49 -------- d-----w- c:\programdata\Apple
2013-09-18 01:48 . 2013-09-18 01:48 -------- d-----w- c:\program files (x86)\Common Files\Serato
2013-09-18 01:28 . 2013-09-18 01:28 -------- d-----w- C:\temp
2013-09-18 01:27 . 2013-09-18 01:27 -------- d-----w- c:\program files (x86)\Serato
2013-09-18 01:27 . 2013-09-18 01:27 -------- d-----w- c:\windows\Downloaded Installations
2013-09-16 04:36 . 2013-09-16 04:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-09-16 04:36 . 2013-09-16 04:36 -------- d-----w- c:\windows\PCHEALTH
2013-09-16 04:32 . 2013-09-16 04:32 -------- d-----w- c:\program files\Microsoft Silverlight
2013-09-16 04:32 . 2013-09-16 04:32 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-09-16 02:01 . 2013-09-16 02:01 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-09-16 02:00 . 2013-09-16 02:00 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-09-16 01:55 . 2013-09-16 01:55 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-09-16 01:20 . 2013-09-16 01:20 -------- d-----w- c:\programdata\Malwarebytes
2013-09-16 01:20 . 2013-10-06 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-16 01:20 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-15 23:54 . 2013-09-15 23:54 -------- d-----w- c:\program files\Microsoft Office
2013-09-15 23:52 . 2013-09-15 23:52 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-09-15 23:50 . 2013-09-16 02:02 -------- d-----w- c:\windows\SHELLNEW
2013-09-15 23:48 . 2013-10-03 22:12 -------- d-----w- c:\programdata\Microsoft Help
2013-09-15 23:46 . 2013-09-15 23:46 -------- d-----r- C:\MSOCache
2013-09-15 23:37 . 2013-09-15 23:39 -------- d-----w- c:\program files (x86)\Google
2013-09-15 06:21 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-09-15 06:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-09-15 06:12 . 2013-08-05 19:32 78936 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-09-14 21:14 . 2013-09-14 21:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-09-14 09:38 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-09-14 09:38 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-09-14 09:38 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-09-14 09:38 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-09-14 09:38 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-09-14 09:38 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-09-14 09:38 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-09-14 09:38 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-09-14 09:38 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2013-09-14 09:38 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-09-14 09:38 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2013-09-14 09:36 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-14 09:35 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-14 09:35 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2013-09-14 09:35 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2013-09-14 09:35 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2013-09-14 09:35 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-09-14 09:35 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-14 09:35 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-14 09:35 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2013-09-14 09:35 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2013-09-14 09:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-09-14 09:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-09-14 09:33 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-09-14 09:33 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-09-14 09:33 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-09-14 09:33 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-09-14 09:30 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-09-14 09:30 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-09-14 09:24 . 2013-09-14 09:24 -------- d-----w- c:\programdata\Synaptics
2013-09-14 09:18 . 2013-09-14 09:18 -------- d-----w- c:\windows\SysWow64\Wat
2013-09-14 09:18 . 2013-09-14 09:18 -------- d-----w- c:\windows\system32\Wat
2013-09-14 08:50 . 2013-09-14 08:52 -------- d-----w- c:\windows\system32\MRT
2013-09-14 08:43 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-14 08:43 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-14 08:43 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-09-14 08:43 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-14 08:24 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-09-14 08:24 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-09-14 08:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-09-14 08:24 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-01 00:12 . 2011-07-21 04:14 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-09-19 01:41 . 2011-05-08 04:16 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-05 20:06 . 2013-09-05 20:06 1443328 ----a-w- c:\windows\system32\CFHD.dll
2013-09-05 20:03 . 2013-09-05 20:03 1474560 ----a-w- c:\windows\SysWow64\CFHD.dll
2013-08-16 04:35 . 2013-08-16 04:35 1060864 ----a-w- c:\windows\SysWow64\MFC71.dll
2013-08-16 04:35 . 2013-08-16 04:35 2838200 ----a-w- c:\windows\system32\libmmd.dll
2013-08-16 04:35 . 2013-08-16 04:35 633008 ----a-w- c:\windows\SysWow64\ippjw7-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 534712 ----a-w- c:\windows\SysWow64\libiomp5md.dll
2013-08-16 04:35 . 2013-08-16 04:35 529080 ----a-w- c:\windows\system32\libiomp5md.dll
2013-08-16 04:35 . 2013-08-16 04:35 509624 ----a-w- c:\windows\system32\libguide40.dll
2013-08-16 04:35 . 2013-08-16 04:35 473272 ----a-w- c:\windows\SysWow64\libguide40.dll
2013-08-16 04:35 . 2013-08-16 04:35 3586232 ----a-w- c:\windows\SysWow64\libmmd.dll
2013-08-16 04:35 . 2013-08-16 04:35 239792 ----a-w- c:\windows\SysWow64\ipps-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 129200 ----a-w- c:\windows\SysWow64\ippvc-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 129200 ----a-w- c:\windows\SysWow64\ippcore-6.1.dll
2013-08-16 04:35 . 2013-08-16 04:35 104624 ----a-w- c:\windows\SysWow64\ippj-6.1.dll
2013-08-09 10:02 . 2013-08-09 10:02 66264 ----a-w- c:\windows\system32\btwdi.dll
2013-08-09 10:02 . 2013-08-09 10:02 2232024 ----a-w- c:\windows\system32\BcmBtRSupport.dll
2013-08-09 10:02 . 2013-08-09 10:02 170712 ----a-w- c:\windows\system32\drivers\bcbtums.sys
2013-08-09 10:02 . 2013-08-09 10:02 166104 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2013-08-09 10:02 . 2013-08-09 10:02 2252504 ----a-w- c:\windows\system32\BtwRSupportService.exe
2013-08-02 01:48 . 2013-09-14 07:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-07-20 113288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\Drivers\TTM57SLUsb.sys;c:\windows\SYSNATIVE\Drivers\TTM57SLUsb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
R4 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/20 21:18;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1500020.001\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1500020.001\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1500020.001\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1500020.001\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1500020.001\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1500020.001\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 03:43 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 23:37]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 23:37]
.
2013-09-29 c:\windows\Tasks\HPCeeScheduleForDDAY$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-09-29 c:\windows\Tasks\HPCeeScheduleForRushnlabs.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-16 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1500020.001\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.0.2.1;c:\program files (x86)\Norton Internet Security\Engine64\21.0.2.1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-10-06  21:49:30 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-06 11:49
ComboFix2.txt  2013-10-06 04:23
.
Pre-Run: 569,443,651,584 bytes free
Post-Run: 569,247,567,872 bytes free
.
- - End Of File - - FB6090B4FE6D71A74CFCDEE4A7228DCD
A36C5E4F47E84449FF07ED3517B43A31
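The CFScript from Elise's post and the log format from the reply above, as an added example that is neither ComboFix's code nor anything posted in this thread: it parses ComboFix "Files Created" lines and a CFScript, lists drivers that were written in place (created and modified at the same minute), and checks whether each Rootkit:: path appears in the log as written or under another directory. The line formats are assumed from the logs quoted here, and the sample lines are copied from them.

```python
"""Parse a ComboFix 'Files Created' section and a CFScript, then cross-check them.
Added example, not ComboFix code: the formats are assumed from the logs in this thread."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# One 'Files Created' line: <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$"
)
TS = "%Y-%m-%d %H:%M"

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2013-10-04 05:28 . 2013-10-04 05:28 61440 ----a-w- c:\windows\SysWow64\drivers\dgfmaptu.sys
2013-10-04 04:45 . 2013-10-04 04:45 208216 ----a-w- c:\windows\system32\drivers\94055109.sys
2013-10-03 22:50 . 2013-10-03 22:50 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-03 21:21 . 2013-10-03 21:21 -------- d-----w- C:\RegBackup
2013-10-01 02:38 . 2011-03-19 06:09 31744 ----a-w- c:\windows\system32\drivers\usbrpm.sys
2013-09-16 01:20 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# Constructed sample: the CFScript given in the post above.
SAMPLE_SCRIPT = r"""
Rootkit::
c:\windows\system32\drivers\dgfmaptu.sys

Driver::
xfks
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int  # -1 for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_files_created(text: str) -> List[Entry]:
    """Keep only lines in the entry format; banners and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(created, TS), datetime.strptime(modified, TS),
                             -1 if size.startswith("-") else int(size), attrs, path))
    return entries


def fresh_drivers(entries: List[Entry]) -> List[str]:
    """.sys files under a drivers directory whose created and modified stamps match to
    the minute, i.e. written in place rather than copied from an older package. A triage
    heuristic only: legitimate scanners drop drivers this way too (see mbamchameleon.sys)."""
    return [e.path for e in entries
            if not e.is_dir and e.name.endswith(".sys")
            and "\\drivers\\" in e.path.lower() and e.created == e.modified]


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections, one list of items per section."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def check_rootkit_targets(script: Dict[str, List[str]], entries: List[Entry]) -> Dict[str, dict]:
    """For each Rootkit:: path, report whether the log lists that exact path and which other
    directories hold a same-named file (on x64, system32 and SysWow64 are separate trees)."""
    by_name: Dict[str, List[str]] = {}
    for e in entries:
        if not e.is_dir:
            by_name.setdefault(e.name, []).append(e.path.lower())
    report = {}
    for target in script.get("Rootkit", []):
        t = target.lower()
        seen = by_name.get(t.rsplit("\\", 1)[-1], [])
        report[target] = {"exact": t in seen, "other_locations": [p for p in seen if p != t]}
    return report


if __name__ == "__main__":
    log = parse_files_created(SAMPLE_LOG)
    print("Drivers written in place:", *fresh_drivers(log), sep="\n  ")
    for target, info in check_rootkit_targets(parse_cfscript(SAMPLE_SCRIPT), log).items():
        print(f"{target}: listed as written={info['exact']}, elsewhere={info['other_locations']}")
```

Run against the sample, the script's Rootkit:: path is not in the log as written, but the same file name is listed under SysWow64\drivers, which is the kind of mismatch worth confirming before a removal script is run.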


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:54 PM

Posted 06 October 2013 - 10:57 AM

Can you please see if the following file exists:


c:\qoobox\quarantine\c\windows\system32\drivers\dgfmaptu.vir


If it exists, please upload it here: http://www.bleepingcomputer.com/submit-malware.php?channel=105


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft




