Jump to content

BinDong

Honorary Members
 View Profile  See their activity

  • Posts

    45

  • Joined

  • Last visited

 Content Type 

Everything posted by BinDong

  1. BinDong
    Thank you for your help!
  2. BinDong
    As for the ESET scanner, is it safe to not uninstall it? Im going to scan with it also as like an extra protection. Also.. Using roguekiller.. is it safe or not on your own? I heard from some people that they used it all the time without much problems. I heard from others it can be dangerous. Can roguekiller be a program you just open up and scan and delete viruses?
  3. BinDong
    No more problems now. What could I do to prevent hijackers and such? I been scanning constantly and cannot detect anything. What could i do to prevent this from happening?
  4. BinDong
    I was thinking maybe it is my registery that was being messed up. I did some research and some say that Windows Update messes up your registery and such. Maybe that is the reason why my computer is acting that way. Are there any programs out there that I can run anytime and can fix my registery?
  5. BinDong
    I dont think i still have the browser redirect problem now. But when my computer starts up, sometimes it loads EXTREMELY slowly and i had to force restart it to get it working. I wonder if that is because of the virus or just my computer.
  6. BinDong
    ComboFix 12-11-22.03 - Bin 11/22/2012 8:56.3.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5610.3968 [GMT -8:00] Running from: c:\users\Bin\Downloads\ComboFix.exe Command switches used :: c:\users\Bin\Downloads\CFScript.txt AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part . . ((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 ))))))))))))))))))))))))))))))) . . 2012-11-22 17:06 . 2012-11-22 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-22 08:14 . 2012-01-19 17:22 45936 ----a-w- c:\windows\SysWow64\SBBD.EXE 2012-11-18 23:20 . 2012-11-18 23:20 -------- d-----w- c:\users\Bin\Documentscode.client.directory.cache 2012-11-18 04:02 . 2012-11-18 04:02 -------- d-----w- c:\users\Bin\AppData\Local\AIM 2012-11-18 01:33 . 2012-10-30 05:04 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-18 01:32 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-18 01:32 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-18 01:32 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-11-18 01:32 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-11-18 01:32 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-11-18 01:32 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-11-18 01:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-11-18 01:32 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-11-18 01:31 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-11-18 01:31 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-11-18 01:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-18 01:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-18 01:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-11-18 01:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-11-18 01:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-11-18 01:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-11-18 01:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-11-18 01:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-11-17 23:11 . 2012-01-12 16:28 74872 ----a-r- c:\windows\system32\drivers\sbapifs.sys 2012-11-17 23:10 . 2012-01-19 17:22 45936 ------w- c:\windows\system32\SBBD.EXE 2012-11-16 23:08 . 2012-11-16 23:08 -------- d-----w- c:\program files (x86)\ESET 2012-11-14 21:03 . 2012-11-15 02:24 -------- d-----w- c:\users\Bin\AppData\Roaming\QuickScan 2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\windows\system32\drivers\NSTx64 2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\program files (x86)\Norton Identity Safe 2012-11-13 01:43 . 2012-11-16 02:34 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013 2012-11-12 01:34 . 2011-12-16 04:29 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys 2012-11-06 21:44 . 2012-11-06 21:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-11-06 21:44 . 2012-11-06 21:44 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-10-25 06:50 . 2012-10-25 06:50 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2012-10-25 06:50 . 2012-10-25 06:50 654336 ------w- c:\windows\system32\stapi64.dll 2012-10-25 06:50 . 2012-10-25 06:50 448512 ----a-w- c:\windows\system32\stcplx64.dll 2012-10-25 06:50 . 2012-10-25 06:50 1987072 ----a-w- c:\windows\system32\stapo64.dll 2012-10-25 06:50 . 2012-10-25 06:52 -------- d-----w- c:\program files\IDT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-18 01:43 . 2012-09-26 00:56 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2012-11-13 01:44 . 2012-06-03 21:03 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-10-25 06:50 . 2012-04-08 03:18 4444672 ----a-w- c:\windows\system32\stlang64.dll 2012-10-25 06:50 . 2012-04-08 03:18 1425408 ----a-w- c:\windows\sttray64.exe 2012-10-25 06:50 . 2012-04-08 03:18 223744 ----a-w- c:\windows\system32\HPToneCtrls64.dll 2012-10-25 06:50 . 2012-04-08 03:18 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe 2012-10-25 06:50 . 2012-04-08 03:18 5298688 ----a-w- c:\windows\system32\IDTNHP.dll 2012-10-25 06:50 . 2012-04-08 03:18 249344 ----a-w- c:\windows\system32\IDTNJ.exe 2012-10-25 06:50 . 2012-04-08 03:18 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl 2012-10-25 06:50 . 2012-04-08 03:18 1085440 ----a-w- c:\windows\system32\IDTNX.dll 2012-10-25 06:50 . 2012-04-08 03:17 251904 ----a-w- c:\windows\system32\staco64.dll 2012-10-25 06:50 . 2012-04-08 03:18 68608 ----a-w- c:\windows\system32\AESTAR64.dll 2012-10-25 06:50 . 2012-04-08 03:18 442368 ----a-w- c:\windows\system32\AESTEC64.dll 2012-10-25 06:50 . 2012-04-08 03:18 162304 ----a-w- c:\windows\system32\AESTAC64.dll 2012-10-25 06:50 . 2012-04-08 03:18 90624 ----a-w- c:\windows\system32\AESTCo64.dll 2012-10-09 20:05 . 2012-06-03 22:14 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 20:05 . 2011-11-09 18:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 20:05 . 2012-10-09 20:05 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-09-30 02:54 . 2012-09-22 21:45 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 21:49 . 2012-08-01 21:12 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-25 21:49 . 2012-08-01 21:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-25 21:39 . 2012-08-20 15:42 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-25 21:39 . 2012-08-20 15:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-01 18:06 . 2012-09-01 18:06 3847762 ----a-w- C:\DeamonPackage.zip . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}] 2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584] . [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-11-06 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001_565\BHDrvx64.sys [2012-11-07 1384608] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-09 283200] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121121.001\IDSvia64.sys [2012-11-11 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-10-25 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-01-12 74872] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-12 138912] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 20:05] . 2012-11-13 c:\windows\Tasks\HPCeeScheduleForBin.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-25 1425408] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\ FF - prefs.js: browser.startup.homepage - www.msn.com FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-08 08:37; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} FF - ExtSQL: 2012-11-12 17:46; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn FF - ExtSQL: 2012-11-14 13:02; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{49C795C2-604A-4D18-AEB1-B3EBA27E5EA2}"=hex:51,66,7a,6c,4c,1d,38,12,ac,96,d4, 4d,78,2e,76,08,d1,a7,f0,ab,a7,20,1a,b6 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b, 68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:24,8a,e6,21,f2,91,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-22 09:08:54 ComboFix-quarantined-files.txt 2012-11-22 17:08 ComboFix2.txt 2012-11-19 11:31 . Pre-Run: 531,266,633,728 bytes free Post-Run: 530,860,998,656 bytes free . - - End Of File - - EC9E3A3288862C34817FC3E534084DC6
  7. BinDong
    https://www.virustotal.com/file/520cabff6d04c255c143e2ef3b0b2525340bcc961a650e39f185b359d77b5840/analysis/
  8. BinDong
    It says that the application cannot be open in windows in Win32 mode.. my computer is 64 bit so i dont see why it doesnt run.
  9. BinDong
    Are there anywhere wrong with my computer with the post i posted?
  10. BinDong
    ComboFix 12-11-16.02 - Bin 11/19/2012 3:21.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5610.3376 [GMT -8:00] Running from: c:\users\Bin\Downloads\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Bin\AppData\Local\Temp\22abac685128.tmp c:\users\Bin\AppData\Local\Temp\8b03d16a82ce.tmp c:\users\Bin\AppData\Local\Temp\8eb5bac196cd.tmp c:\users\Bin\AppData\Local\Temp\a044da55a52a.tmp c:\users\Bin\AppData\Local\Temp\ad73b50bbd3d.tmp c:\users\Bin\AppData\Local\Temp\b588cce39dd0.tmp c:\users\Bin\AppData\Local\Temp\c940d5224159.tmp . . ((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 ))))))))))))))))))))))))))))))) . . 2012-11-19 11:29 . 2012-11-19 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 23:20 . 2012-11-18 23:20 -------- d-----w- c:\users\Bin\Documentscode.client.directory.cache 2012-11-18 04:02 . 2012-11-18 04:02 -------- d-----w- c:\users\Bin\AppData\Local\AIM 2012-11-18 01:33 . 2012-10-30 05:04 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-18 01:32 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-18 01:32 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-18 01:32 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-11-18 01:32 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-11-18 01:32 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-11-18 01:32 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-11-18 01:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-11-18 01:32 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-11-18 01:31 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-11-18 01:31 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-11-18 01:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-18 01:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-18 01:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-11-18 01:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-11-18 01:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-11-18 01:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-11-18 01:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-11-18 01:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-11-17 23:11 . 2012-01-12 16:28 74872 ----a-r- c:\windows\system32\drivers\sbapifs.sys 2012-11-17 23:10 . 2012-01-19 17:22 45936 ------w- c:\windows\system32\SBBD.EXE 2012-11-16 23:08 . 2012-11-16 23:08 -------- d-----w- c:\program files (x86)\ESET 2012-11-14 21:03 . 2012-11-15 02:24 -------- d-----w- c:\users\Bin\AppData\Roaming\QuickScan 2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\windows\system32\drivers\NSTx64 2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\program files (x86)\Norton Identity Safe 2012-11-13 01:43 . 2012-11-16 02:34 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013 2012-11-12 01:34 . 2011-12-16 04:29 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys 2012-11-06 21:44 . 2012-11-06 21:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-11-06 21:44 . 2012-11-06 21:44 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-10-25 06:50 . 2012-10-25 06:50 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2012-10-25 06:50 . 2012-10-25 06:50 654336 ------w- c:\windows\system32\stapi64.dll 2012-10-25 06:50 . 2012-10-25 06:50 448512 ----a-w- c:\windows\system32\stcplx64.dll 2012-10-25 06:50 . 2012-10-25 06:50 1987072 ----a-w- c:\windows\system32\stapo64.dll 2012-10-25 06:50 . 2012-10-25 06:52 -------- d-----w- c:\program files\IDT 2012-10-23 00:11 . 2012-10-23 00:11 -------- d-----w- c:\users\Bin\AppData\Roaming\Unity 2012-10-22 23:00 . 2012-11-18 04:00 -------- d-----w- c:\users\Bin\AppData\Local\Unity 2012-10-21 03:19 . 2012-10-21 03:21 -------- d-----w- c:\users\Bin\AppData\Roaming\Notepad++ 2012-10-21 03:19 . 2012-10-21 03:19 -------- d-----w- c:\program files (x86)\Notepad++ . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-18 01:43 . 2012-09-26 00:56 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2012-11-13 01:44 . 2012-06-03 21:03 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-10-25 06:50 . 2012-04-08 03:18 4444672 ----a-w- c:\windows\system32\stlang64.dll 2012-10-25 06:50 . 2012-04-08 03:18 1425408 ----a-w- c:\windows\sttray64.exe 2012-10-25 06:50 . 2012-04-08 03:18 223744 ----a-w- c:\windows\system32\HPToneCtrls64.dll 2012-10-25 06:50 . 2012-04-08 03:18 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe 2012-10-25 06:50 . 2012-04-08 03:18 5298688 ----a-w- c:\windows\system32\IDTNHP.dll 2012-10-25 06:50 . 2012-04-08 03:18 249344 ----a-w- c:\windows\system32\IDTNJ.exe 2012-10-25 06:50 . 2012-04-08 03:18 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl 2012-10-25 06:50 . 2012-04-08 03:18 1085440 ----a-w- c:\windows\system32\IDTNX.dll 2012-10-25 06:50 . 2012-04-08 03:17 251904 ----a-w- c:\windows\system32\staco64.dll 2012-10-25 06:50 . 2012-04-08 03:18 68608 ----a-w- c:\windows\system32\AESTAR64.dll 2012-10-25 06:50 . 2012-04-08 03:18 442368 ----a-w- c:\windows\system32\AESTEC64.dll 2012-10-25 06:50 . 2012-04-08 03:18 162304 ----a-w- c:\windows\system32\AESTAC64.dll 2012-10-25 06:50 . 2012-04-08 03:18 90624 ----a-w- c:\windows\system32\AESTCo64.dll 2012-10-09 20:05 . 2012-06-03 22:14 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 20:05 . 2011-11-09 18:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 20:05 . 2012-10-09 20:05 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-09-30 02:54 . 2012-09-22 21:45 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 21:49 . 2012-08-01 21:12 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-25 21:49 . 2012-08-01 21:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-25 21:39 . 2012-08-20 15:42 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-25 21:39 . 2012-08-20 15:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-01 18:06 . 2012-09-01 18:06 3847762 ----a-w- C:\DeamonPackage.zip 2012-08-25 04:40 . 2012-08-25 04:40 1148272 ----a-w- c:\users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part 2012-08-22 18:12 . 2012-09-21 23:19 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-21 23:19 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-21 23:19 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 20:01 . 2012-09-25 18:35 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 20:01 . 2012-06-21 04:58 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 20:01 . 2012-06-21 04:58 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}] 2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584] . [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-11-06 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001_565\BHDrvx64.sys [2012-11-07 1384608] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-09 283200] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121116.001\IDSvia64.sys [2012-11-11 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-10-25 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-01-12 74872] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-12 138912] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 20:05] . 2012-11-13 c:\windows\Tasks\HPCeeScheduleForBin.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-25 1425408] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\ FF - prefs.js: browser.startup.homepage - www.msn.com FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-08 08:37; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} FF - ExtSQL: 2012-11-12 17:46; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn FF - ExtSQL: 2012-11-14 13:02; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . SafeBoot-36575894.sys SafeBoot-74869095.sys HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{49C795C2-604A-4D18-AEB1-B3EBA27E5EA2}"=hex:51,66,7a,6c,4c,1d,38,12,ac,96,d4, 4d,78,2e,76,08,d1,a7,f0,ab,a7,20,1a,b6 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b, 68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:24,8a,e6,21,f2,91,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-19 03:31:54 ComboFix-quarantined-files.txt 2012-11-19 11:31 . Pre-Run: 531,878,350,848 bytes free Post-Run: 533,010,345,984 bytes free . - - End Of File - - D6EB31A6D11811C08534E08A6560980E
  11. BinDong
    2 days no reply. Are you still with me Maniac?
  12. BinDong
    Forgot to mention.. my computer seems to be slower than usual.. If we can't do anything about this virus or trojan that is hidden.. Im deciding to do a reformat to get rid of it and start off new.
  13. BinDong
    My google is still redirecting me to YQL. It'll stop in like about 20-30 minutes and continue whenever it wants.
  14. BinDong
    When I login after typing my password on the login screen, sometimes my screen turns black. Sometimes nothing appears just the background and sometimes its normal. I wonder if this is the virus or trojan's doing. Can you check into it or does the report tells you that im fine? I also ran the ESET once more and got this result.. esets_scanner_update returned -1 esets_gle=53251
  15. BinDong
    ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  16. BinDong
    ComboFix 12-11-16.02 - Bin 11/16/2012 11:55:53.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5610.3841 [GMT -8:00] Running from: c:\users\Bin\Downloads\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 ))))))))))))))))))))))))))))))) . . 2012-11-16 20:04 . 2012-11-16 20:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-14 21:03 . 2012-11-15 02:24 -------- d-----w- c:\users\Bin\AppData\Roaming\QuickScan 2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\windows\system32\drivers\NSTx64 2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\program files (x86)\Norton Identity Safe 2012-11-13 01:43 . 2012-11-16 02:34 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013 2012-11-12 01:34 . 2011-12-16 04:29 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys 2012-11-06 21:44 . 2012-11-06 21:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-11-06 21:44 . 2012-11-06 21:44 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-10-25 06:50 . 2012-10-25 06:50 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2012-10-25 06:50 . 2012-10-25 06:50 654336 ------w- c:\windows\system32\stapi64.dll 2012-10-25 06:50 . 2012-10-25 06:50 448512 ----a-w- c:\windows\system32\stcplx64.dll 2012-10-25 06:50 . 2012-10-25 06:50 1987072 ----a-w- c:\windows\system32\stapo64.dll 2012-10-25 06:50 . 2012-10-25 06:52 -------- d-----w- c:\program files\IDT 2012-10-23 00:17 . 2012-10-23 00:17 -------- d-----w- C:\_OTM 2012-10-23 00:11 . 2012-10-23 00:11 -------- d-----w- c:\users\Bin\AppData\Roaming\Unity 2012-10-22 23:00 . 2012-10-22 23:00 -------- d-----w- c:\users\Bin\AppData\Local\Unity 2012-10-21 03:19 . 2012-10-21 03:21 -------- d-----w- c:\users\Bin\AppData\Roaming\Notepad++ 2012-10-21 03:19 . 2012-10-21 03:19 -------- d-----w- c:\program files (x86)\Notepad++ . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-13 01:44 . 2012-06-03 21:03 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-10-25 06:50 . 2012-04-08 03:18 4444672 ----a-w- c:\windows\system32\stlang64.dll 2012-10-25 06:50 . 2012-04-08 03:18 1425408 ----a-w- c:\windows\sttray64.exe 2012-10-25 06:50 . 2012-04-08 03:18 223744 ----a-w- c:\windows\system32\HPToneCtrls64.dll 2012-10-25 06:50 . 2012-04-08 03:18 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe 2012-10-25 06:50 . 2012-04-08 03:18 5298688 ----a-w- c:\windows\system32\IDTNHP.dll 2012-10-25 06:50 . 2012-04-08 03:18 249344 ----a-w- c:\windows\system32\IDTNJ.exe 2012-10-25 06:50 . 2012-04-08 03:18 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl 2012-10-25 06:50 . 2012-04-08 03:18 1085440 ----a-w- c:\windows\system32\IDTNX.dll 2012-10-25 06:50 . 2012-04-08 03:17 251904 ----a-w- c:\windows\system32\staco64.dll 2012-10-25 06:50 . 2012-04-08 03:18 68608 ----a-w- c:\windows\system32\AESTAR64.dll 2012-10-25 06:50 . 2012-04-08 03:18 442368 ----a-w- c:\windows\system32\AESTEC64.dll 2012-10-25 06:50 . 2012-04-08 03:18 162304 ----a-w- c:\windows\system32\AESTAC64.dll 2012-10-25 06:50 . 2012-04-08 03:18 90624 ----a-w- c:\windows\system32\AESTCo64.dll 2012-10-09 20:05 . 2012-06-03 22:14 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 20:05 . 2011-11-09 18:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 20:05 . 2012-10-09 20:05 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-09-30 02:54 . 2012-09-22 21:45 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-26 00:58 . 2012-09-26 00:56 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2012-09-25 21:49 . 2012-08-01 21:12 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-25 21:49 . 2012-08-01 21:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-25 21:39 . 2012-08-20 15:42 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-25 21:39 . 2012-08-20 15:42 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-01 18:06 . 2012-09-01 18:06 3847762 ----a-w- C:\DeamonPackage.zip 2012-08-25 04:40 . 2012-08-25 04:40 1148272 ----a-w- c:\users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part 2012-08-22 18:12 . 2012-09-21 23:19 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-21 23:19 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-21 23:19 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 20:01 . 2012-09-25 18:35 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 20:01 . 2012-06-21 04:58 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 20:01 . 2012-06-21 04:58 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}] 2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584] . [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 EraserSvc11220;Symantec Eraser Service;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-11-06 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001_565\BHDrvx64.sys [2012-11-07 1384608] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-09 283200] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121115.001\IDSvia64.sys [2012-11-11 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-10-25 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-12 138912] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 20:05] . 2012-11-13 c:\windows\Tasks\HPCeeScheduleForBin.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-25 1425408] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\ FF - prefs.js: browser.startup.homepage - www.msn.com FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-08 08:37; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} FF - ExtSQL: 2012-11-12 17:46; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn FF - ExtSQL: 2012-11-14 13:02; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - (no file) SafeBoot-06028505.sys SafeBoot-36849809.sys SafeBoot-61076567.sys SafeBoot-70517719.sys HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec WebBrowser-{49C795C2-604A-4D18-AEB1-B3EBA27E5EA2} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{49C795C2-604A-4D18-AEB1-B3EBA27E5EA2}"=hex:51,66,7a,6c,4c,1d,38,12,ac,96,d4, 4d,78,2e,76,08,d1,a7,f0,ab,a7,20,1a,b6 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b, 68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83, 81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:24,8a,e6,21,f2,91,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,72,f4,ce,d0,f0,7a,4d,88,1f,b4,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-16 12:06:08 ComboFix-quarantined-files.txt 2012-11-16 20:06 . Pre-Run: 535,314,632,704 bytes free Post-Run: 535,014,555,648 bytes free . - - End Of File - - E90E2EF6174462633716520D32082CE4
  17. BinDong
    --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 1.597000 GHz Memory total: 5882413056, free: 2215432192 ------------ Kernel report ------------ 11/15/2012 13:57:07 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\DRIVERS\amd_sata.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\amd_xata.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\hpdskflt.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\dtsoftbus01.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\NAVx64\1402000.013\ccSetx64.sys \SystemRoot\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys \SystemRoot\System32\Drivers\NAVx64\1402000.013\SRTSP64.SYS \SystemRoot\system32\drivers\NAVx64\1402000.013\SRTSPX64.SYS \SystemRoot\system32\drivers\NAVx64\1402000.013\Ironx64.SYS \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121114.008\EX64.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121114.008\ENG64.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121114.001\IDSvia64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001_565\BHDrvx64.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\rtl8192Ce.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\RtsPStor.sys \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\amdxhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\CmBatt.sys \SystemRoot\system32\DRIVERS\Accelerometer.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\DRIVERS\circlass.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\amdhub30.sys \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_amd_sata.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WinUSB.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\Windows\system32\drivers\EagleX64.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\setupapi.dll \Windows\System32\wininet.dll \Windows\System32\nsi.dll \Windows\System32\advapi32.dll \Windows\System32\msctf.dll \Windows\System32\iertutil.dll \Windows\System32\urlmon.dll \Windows\System32\ws2_32.dll \Windows\System32\kernel32.dll \Windows\System32\gdi32.dll \Windows\System32\ole32.dll \Windows\System32\psapi.dll \Windows\System32\msvcrt.dll \Windows\System32\shell32.dll \Windows\System32\comdlg32.dll \Windows\System32\clbcatq.dll \Windows\System32\Wldap32.dll \Windows\System32\sechost.dll \Windows\System32\difxapi.dll \Windows\System32\oleaut32.dll \Windows\System32\user32.dll \Windows\System32\shlwapi.dll \Windows\System32\normaliz.dll \Windows\System32\imagehlp.dll \Windows\System32\lpk.dll \Windows\System32\imm32.dll \Windows\System32\rpcrt4.dll \Windows\System32\usp10.dll \Windows\System32\comctl32.dll \Windows\System32\wintrust.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8005c98060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000075\ Lower Device Object: 0xfffffa800597e620 Lower Device Driver Name: \Driver\amd_sata\ Driver name found: amd_sata DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.11.15.08 Downloaded database version: v2012.11.14.03 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8005c98060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005b05870, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005c98060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005b06b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa800597a6c0, DeviceName: Unknown, DriverName: \Driver\amd_xata\ DevicePointer: 0xfffffa800597f5f0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800597e620, DeviceName: \Device\00000075\, DriverName: \Driver\amd_sata\ ------------ End ---------- Upper DeviceData: 0xfffff8a012574ad0, 0xfffffa8005c98060, 0xfffffa800a308790 Lower DeviceData: 0xfffff8a01d16ecf0, 0xfffffa800597e620, 0xfffffa800970a640 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: E871E610 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1196263424 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1196673024 Numsec = 45266944 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1241939968 Numsec = 8321024 Disk Size: 640135028736 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)... Done! Performing system, memory and registry scan... Done! Scan finished =======================================
  18. BinDong
    Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.15.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bin :: BIN-HP [administrator] 11/15/2012 2:17:58 PM mbar-log-2012-11-15 (14-17-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 27155 Time elapsed: 20 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  19. BinDong
    DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by Bin at 15:28:31 on 2012-11-14 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5610.3022 [GMT -8:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe Q:\140066.enu\Office14\WINWORDC.EXE C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\splwow64.exe Q:\140066.enu\Office14\OffSpon.EXE C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.dll BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 192.168.1.1 75.75.76.76 75.75.75.75 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75} : DHCPNameServer = 192.168.1.1 75.75.76.76 75.75.75.75 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75}\33054395C4 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75}\4514C4C495D20534F5E4564777F627B63716373797 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75}\452554E444E65647635323 : DHCPNameServer = 192.168.10.1 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75}\5436F6E6F623 : DHCPNameServer = 172.23.223.1 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75}\5436F6E6F6245796C64696E67623 : DHCPNameServer = 172.23.223.1 192.168.160.1 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75}\749414E445541474C454 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{AF16A3B6-4D5B-4C46-BBDD-ED7990CC6C75}\B4566796E6 : DHCPNameServer = 192.168.1.1 Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\ FF - prefs.js: browser.startup.homepage - www.msn.com FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Bin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\plugins\np-mswmp.dll FF - plugin: C:\Users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: C:\Windows\System32\npDeployJava1.dll FF - plugin: C:\Windows\System32\npmproxy.dll FF - plugin: C:\Windows\System32\npOGPPlugin.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll FF - ExtSQL: 2012-10-08 08:37; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; C:\Users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} FF - ExtSQL: 2012-11-12 17:46; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn FF - ExtSQL: 2012-11-14 13:02; {e001c731-5e37-4538-a5cb-8168736a2360}; C:\Users\Bin\AppData\Roaming\Mozilla\Firefox\Profiles\2726zvtm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - ExtSQL: 2012-11-14 13:44; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1402000.013\SymDS64.sys [2012-11-12 493216] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1402000.013\SymEFA64.sys [2012-11-12 1133216] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608] R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-11-12 168096] R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-11-12 168096] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-9 283200] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121113.003\IDSviA64.sys [2012-11-13 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\Ironx64.sys [2012-11-12 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys [2012-11-12 432800] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-24 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-28 204288] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-4-25 197504] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 676936] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-11-12 143928] R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-11-12 143928] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-7-16 96896] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-7 46136] R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-7-16 214144] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-12 138912] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-22 25928] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-7 338536] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-7 428136] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-4-7 1145448] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R4 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-9-28 253256] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-11-6 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-5 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: js_auto_file=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 2012-11-14 21:10:27 208216 ----a-w- C:\Windows\System32\drivers\61313175.sys 2012-11-14 21:03:11 -------- d-----w- C:\Users\Bin\AppData\Roaming\QuickScan 2012-11-14 19:53:29 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 19:53:29 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-11-14 19:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-11-14 19:53:28 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-11-14 19:53:28 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-11-14 19:53:27 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-11-14 19:53:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-14 19:53:22 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-14 19:52:56 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-11-14 19:52:56 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-11-14 19:52:56 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-11-14 19:52:56 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-11-14 19:52:56 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-11-14 19:52:56 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-11-14 19:52:42 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-11-14 19:52:42 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-11-14 19:50:55 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-14 19:50:55 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-11-13 01:46:31 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys 2012-11-13 01:46:27 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD02000.012 2012-11-13 01:46:27 -------- d-----w- C:\Windows\System32\drivers\NSTx64 2012-11-13 01:46:26 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe 2012-11-13 01:43:39 432800 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys 2012-11-13 01:43:39 23448 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymELAM.sys 2012-11-13 01:43:39 1133216 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymEFA64.sys 2012-11-13 01:43:38 776864 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\srtsp64.sys 2012-11-13 01:43:38 493216 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymDS64.sys 2012-11-13 01:43:38 37496 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\srtspx64.sys 2012-11-13 01:43:38 224416 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\Ironx64.sys 2012-11-13 01:43:38 168096 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\ccSetx64.sys 2012-11-13 01:43:27 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1402000.013 2012-11-12 01:34:06 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys 2012-11-06 21:44:40 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-11-06 21:44:40 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-10-25 06:50:52 654336 ------w- C:\Windows\System32\stapi64.dll 2012-10-25 06:50:52 535552 ----a-w- C:\Windows\System32\drivers\stwrt64.sys 2012-10-25 06:50:52 448512 ----a-w- C:\Windows\System32\stcplx64.dll 2012-10-25 06:50:52 1987072 ----a-w- C:\Windows\System32\stapo64.dll 2012-10-25 06:50:47 -------- d-----w- C:\Program Files\IDT 2012-10-23 00:17:12 -------- d-----w- C:\_OTM 2012-10-23 00:11:10 -------- d-----w- C:\Users\Bin\AppData\Roaming\Unity 2012-10-22 23:00:30 -------- d-----w- C:\Users\Bin\AppData\Local\Unity . ==================== Find3M ==================== . 2012-11-13 01:44:05 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-11-01 23:35:14 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys 2012-10-09 20:05:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 20:05:24 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-09 20:05:13 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-25 21:49:10 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-25 21:49:10 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-25 21:39:10 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-25 21:39:10 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-08-25 04:40:29 1148272 ----a-w- C:\Users\Bin\unofficial tiaras moonshine mod g16s2-v118c(1).exe.part 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 20:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll . ============= FINISH: 15:29:46.86 ===============
  20. BinDong
    . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 6/3/2012 4:05:32 PM System Uptime: 11/14/2012 1:41:58 PM (2 hours ago) . Motherboard: Hewlett-Packard | | 1805 Processor: AMD A8-3520M APU with Radeon HD Graphics | Socket FS1 | 1600/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 570 GiB total, 499.805 GiB free. D: is FIXED (NTFS) - 22 GiB total, 2.063 GiB free. E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free. F: is CDROM () G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP132: 11/4/2012 7:00:08 PM - Windows Backup RP133: 11/11/2012 5:34:29 PM - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters RP134: 11/11/2012 7:00:06 PM - Windows Backup RP135: 11/14/2012 11:53:42 AM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) MUI Adobe Shockwave Player 11.6 AIM 7 AMD APP SDK Runtime AMD Catalyst Install Manager AMD Fuel AMD Steady Video Plug-In AMD System Monitor AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update AuthenTec TrueAPI Bejeweled 3 Blackhawk Striker 2 Bonjour Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Cradle of Rome 2 CyberLink YouCam D3DX10 DAEMON Tools Lite DigitalPersona WBF Fingerprint Support Dora's World Adventure ESU for Microsoft Windows 7 SP1 Farm Frenzy Farmscapes FATE Final Drive Fury Hewlett-Packard ACLM.NET v1.1.2.0 Hoyle Card Games HP 3D DriveGuard HP Application Assistant HP Auto HP Client Services HP CoolSense HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Games HP Launch Box HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP QuickWeb HP Recovery Manager HP Security Assistant HP Setup HP Setup Manager HP SimplePass 2012 HP Software Framework HP Support Assistant IDT Audio iTunes Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition John Deere Drive Green Junk Mail filter update Letters from Nowhere 2 Luxor HD Mabinogi Macromedia Dreamweaver 8 Macromedia Extension Manager Mah Jong Medley Malwarebytes Anti-Malware version 1.65.1.1000 MapleStory Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Age of Empires II Microsoft Application Error Reporting Microsoft Help Viewer 1.0 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server System CLR Types Microsoft Visual Basic 2010 Express - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU Microsoft WSE 3.0 Runtime Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Nexon Game Manager Norton AntiVirus Norton Identity Safe Notepad++ OGPlanet Game Launcher OpenOffice.org 3.4.1 opensource Pando Media Booster Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Python 2.7.3 Realtek Ethernet Controller Driver Realtek PCIE Card Reader REALTEK Wireless LAN Driver RollerCoaster Tycoon 3: Platinum Rumble Fighter Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 5.10 swMSM Synaptics TouchPad Driver The Treasures of Mystery Island: The Ghost Ship Torchlight Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App Validity WBF DDK Virtual Villagers 4 - The Tree of Life Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.11 (32-bit) Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 11/14/2012 12:18:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 11/14/2012 11:44:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. 11/14/2012 11:43:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service. 11/14/2012 1:41:02 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/14/2012 1:41:02 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure. 11/14/2012 1:41:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} 11/14/2012 1:24:37 PM, Error: PCTCore [280] - 11/10/2012 7:45:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service. . ==== End Of File ===========================
  21. BinDong
    attach.txtdds.txt
  22. BinDong
    I also ran TDSKILLER. I know it is dangerous to run it by yourself and such. I ran it with everything checked and it did not detect anything. I also ran RougeKiller just to see what shows up. It shows up 3 stuff. I'm not sure if im infected or not but My google been redirecting me to YQL for like.. 20 minutes.
  23. BinDong
    My malware-bytes wont detect any malwares but i'm sure there are malware since i ran Spyware Doctor and they said I have malware. Please help me out or at least check if i have any malwares.
  24. BinDong
    There are 2 types of plugs. In this case, the one for computer is the HDMI wire and the monitor I have requires a different plug.
  25. BinDong
    I mean like the computer fell by accident. I do not have any means to use the keys illegally. What I'm wondering is lets say I was carrying my computer and it fell. The screen cracked and I cannot see it but the computer still starts up. How will I be able to remove the keys? Even if i do try to reformat it, I won't know how due to the fact I'm unable to see whats on my screen.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.