markgixer6
  1. Thank you for all your help, much appreciated. My system appears to be clean now.
  2. Apologies for the delay. I have removed the 2 entries you suggested. The ESET scan is included below. There still seems to be an infection on the C:\ C:\Users\Game-SSD-256\AppData\Roaming\Adobe\color.vbe VBS/TrojanDownloader.Agent.NHN trojan
  3. Sorry, forgot to do the Java uninstall bit first. Have now done that, here are the logs again.
  5. Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin AI Suite II Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia ASM106x SATA Host Controller Driver BlackFire's Mod 2 Call of Duty: Modern Warfare 3 Call of Duty: Modern Warfare 3 - Dedicated Server Call of Duty: Modern Warfare 3 - Multiplayer Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Crysis® 2 Dishonored DriverScanner EasyBCD 2.2 Far Cry 3 Hitman: Absolution ibVPN Intel® Control Center Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Watchdog Timer Driver (Intel® WDT) Java 7 Update 21 Java Auto Updater Malwarebytes Anti-Malware version 1.75.0.1300 marvell 91xx driver Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Norton Internet Security NVIDIA PhysX OpenAL PunkBuster Services Razer Copperhead Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Sleeping Dogs™ Steam The Elder Scrolls V: Skyrim Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Uplay
  6. Internet Explorer is working intermittently. Sometimes it will work ok but it mostly opens and goes blank without being able to connect to any page.
2012-11-19 22:56 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-28 16:42 . 2012-11-11 19:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-28 16:42 . 2012-11-11 19:16 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-21 20:06 . 2012-10-31 15:58 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-16 14:54 . 2013-03-14 21:19 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2013-04-16 14:54 . 2012-09-28 01:11 139696 ----a-w- c:\windows\system32\atiuxp64.dll 2013-04-16 14:53 . 2013-03-14 21:19 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2013-04-16 14:53 . 2013-03-14 21:19 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll 2013-04-16 14:53 . 2012-09-28 01:41 1154240 ----a-w- c:\windows\system32\aticfx64.dll 2013-04-16 14:53 . 2012-09-28 01:22 8322576 ----a-w- c:\windows\system32\atidxx64.dll 2013-04-16 14:53 . 2013-03-14 21:19 4448216 ----a-w- c:\windows\SysWow64\atiumdva.dll 2013-04-16 14:53 . 2013-03-14 21:19 5941680 ----a-w- c:\windows\SysWow64\atiumdag.dll 2013-04-04 13:50 . 2013-03-25 21:25 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-14 16:55 . 2013-03-14 16:55 5067264 ----a-w- c:\windows\system32\amdsc64.dll 2013-03-14 16:55 . 2013-03-14 16:55 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll 2013-03-13 22:33 . 2013-03-13 22:33 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-13 22:33 . 2013-03-13 22:33 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-13 22:33 . 2013-03-13 22:33 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-13 22:33 . 2013-03-13 22:33 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-13 22:33 . 2013-03-13 22:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-13 22:33 . 2013-03-13 22:33 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-13 22:33 . 2013-03-13 22:33 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-13 22:33 . 2013-03-13 22:33 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-13 22:33 . 
2013-03-13 22:33 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-13 22:33 . 2013-03-13 22:33 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-13 22:33 . 2013-03-13 22:33 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-13 22:33 . 2013-03-13 22:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-13 22:33 . 2013-03-13 22:33 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-13 22:33 . 2013-03-13 22:33 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-13 22:33 . 2013-03-13 22:33 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-13 22:33 . 2013-03-13 22:33 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-13 22:33 . 2013-03-13 22:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-13 22:33 . 2013-03-13 22:33 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-13 22:33 . 2013-03-13 22:33 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-13 22:33 . 2013-03-13 22:33 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-13 22:33 . 2013-03-13 22:33 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-13 22:33 . 2013-03-13 22:33 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-13 22:33 . 2013-03-13 22:33 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-13 22:33 . 2013-03-13 22:33 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-13 22:33 . 2013-03-13 22:33 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-13 22:33 . 2013-03-13 22:33 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-13 22:33 . 2013-03-13 22:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-13 22:33 . 2013-03-13 22:33 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-13 22:33 . 2013-03-13 22:33 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-13 22:33 . 2013-03-13 22:33 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-13 22:33 . 2013-03-13 22:33 441856 ----a-w- c:\windows\system32\html.iec 2013-03-13 22:33 . 
2013-03-13 22:33 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-13 22:33 . 2013-03-13 22:33 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-13 22:33 . 2013-03-13 22:33 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-13 22:33 . 2013-03-13 22:33 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-13 22:33 . 2013-03-13 22:33 235008 ----a-w- c:\windows\system32\url.dll 2013-03-13 22:33 . 2013-03-13 22:33 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-13 22:33 . 2013-03-13 22:33 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-13 22:33 . 2013-03-13 22:33 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-13 22:33 . 2013-03-13 22:33 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-13 22:33 . 2013-03-13 22:33 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-13 22:33 . 2013-03-13 22:33 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-13 22:33 . 2013-03-13 22:33 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-13 22:33 . 2013-03-13 22:33 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-13 22:33 . 2013-03-13 22:33 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-13 22:33 . 2013-03-13 22:33 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-13 22:33 . 2013-03-13 22:33 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-13 22:33 . 2013-03-13 22:33 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-13 22:33 . 2013-03-13 22:33 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-09 18:32 . 2013-03-09 18:32 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-03-09 18:04 . 2013-03-09 18:04 418632 ----a-w- c:\windows\system32\drivers\asmtxhci.sys 2013-03-09 18:04 . 2013-03-09 18:04 139592 ----a-w- c:\windows\system32\drivers\asmthub3.sys 2013-03-09 18:03 . 2013-03-09 18:03 20024 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys 2013-03-09 18:03 . 2013-03-09 18:03 44344 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys 2013-03-09 18:03 . 
2013-03-09 18:03 9888912 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll 2013-03-09 18:03 . 2013-03-09 18:03 422544 ----a-w- c:\windows\system32\RtsUStor.dll 2013-03-09 18:03 . 2013-03-09 18:03 252048 ----a-w- c:\windows\system32\drivers\RtsUStor.sys 2013-03-09 18:03 . 2013-03-09 18:03 791608 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys 2013-03-09 18:03 . 2013-03-09 18:03 358456 ----a-w- c:\windows\system32\drivers\iusb3hub.sys 2013-03-09 18:03 . 2013-03-09 18:03 49560 ----a-w- c:\windows\system32\drivers\asahci64.sys 2013-03-09 18:03 . 2013-03-09 18:03 41984 ----a-w- c:\windows\system32\ahcipp64.dll 2013-03-09 18:03 . 2013-03-09 18:03 769168 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-03-09 18:03 . 2013-03-09 18:03 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-03-09 18:03 . 2012-10-31 13:54 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2013-03-09 18:03 . 2013-03-09 18:03 1721576 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01009.dll 2013-03-09 18:03 . 2013-03-09 18:03 15344 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys 2013-03-09 18:03 . 2013-03-09 18:03 62784 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-03-09 18:02 . 2013-03-09 18:02 28008 ----a-w- c:\windows\system32\drivers\mv91cons.sys 2013-03-09 18:02 . 2013-03-09 18:02 35840 ----a-w- c:\windows\system32\mv91xxm.dll 2013-03-09 18:02 . 2013-03-09 18:02 322920 ----a-w- c:\windows\system32\drivers\mvs91xx.sys 2013-03-09 18:02 . 2013-03-09 18:02 14696 ----a-w- c:\windows\system32\drivers\mvxxmm.sys 2013-02-26 22:40 . 2013-02-26 22:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-02-19 03:57 . 2013-03-09 18:20 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{674ED40D-C9F1-49DA-8B14-2E820885EDEB}\mpengine.dll 2013-02-14 11:41 . 2013-02-14 11:41 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2013-02-14 11:40 . 2013-02-14 11:40 110080 ----a-w- c:\windows\system32\DelayAPO.dll 2013-02-14 02:52 . 
2013-02-14 02:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-02-12 05:45 . 2013-03-13 22:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 22:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 22:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 22:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 22:21 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 22:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-13 22:20 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 03:37 . 2013-02-08 03:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2009-11-19 135168] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-16 642656] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-02-19 1418184] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-27 4937264] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys [2011-09-15 24648] R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys [2011-09-15 141896] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-13 39976] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-04-23 32000] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [2008-09-05 68760] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-31 1255736] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2013-03-09 49560] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-01-12 647736] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-01-12 28216] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-03-09 20024] S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2013-03-09 28008] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [2013-01-22 493656] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI 
Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [2012-11-16 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130426.001\IDSvia64.sys [2013-03-08 513184] S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-08-12 32360] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [2012-11-16 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [2013-01-31 432800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-16 241152] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-02-01 1489024] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe [2013-01-12 2252088] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-12-17 233328] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-10 627936] 
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-15 178344] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-20 363800] S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2013-03-09 139592] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2013-03-09 418632] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-02-14 96768] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2013-01-12 165688] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2013-01-12 21568] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 620584] S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2013-01-13 89640] S3 cmudaxp;ASUS Xonar D2X Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376] S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-08 138912] S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768] S3 ICCWDT;Intel® 
Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2013-03-09 358456] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2013-03-09 791608] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2013-03-09 252048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-03-09 769168] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-03-09 44344] S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2013-03-09 15344] . . Contents of the 'Scheduled Tasks' folder . 2013-04-29 c:\windows\Tasks\dsmonitor.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-12-17 14:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-10-31 7138816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-12-17 6468712] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-12-17 1158248] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.co.uk/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Send image to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{FA2A45A9-838D-4B41-86CF-27C0B88D5BF2}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-BrowserChoice - c:\windows\System32\browserchoice.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-29 20:15:10 ComboFix-quarantined-files.txt 2013-04-29 19:15 ComboFix2.txt 2013-04-29 17:03 . Pre-Run: 99,773,120,512 bytes free Post-Run: 99,688,161,280 bytes free . - - End Of File - - 78675C303B3EFB94268E0315E2CAF4B2
  7. Sorry, ignore the part about IE. I rebooted and that works fine :-)
  8. Hi Gringo, I have run ComboFix and the report is below. I did disable all Norton real-time scanning even though the log suggests it was on. When my PC rebooted, I could no longer use IE and when I tried to, I got an error message that said the related registry key had been marked for deletion. I am currently unable to browse the web on the infected drive as a result. Hope you can solve this new problem. Thanks.
2013-04-16 14:00 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2013-04-16 13:36 . 2013-04-16 13:36 635392 ----a-w- c:\windows\system32\atiadlxx.dll 2013-04-16 13:36 . 2013-04-16 13:36 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2013-04-16 13:35 . 2013-04-16 13:35 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2013-04-16 13:35 . 2013-04-16 13:35 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2013-04-16 13:35 . 2013-04-16 13:35 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2013-04-16 13:35 . 2013-04-16 13:35 44032 ----a-w- c:\windows\system32\atig6txx.dll 2013-04-16 13:35 . 2013-04-16 13:35 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll 2013-04-16 13:35 . 2013-04-16 13:35 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2013-04-16 13:35 . 2013-04-16 13:35 79360 ----a-w- c:\windows\system32\amdave64.dll 2013-04-16 13:34 . 2013-04-16 13:34 78336 ----a-w- c:\windows\SysWow64\amdave32.dll 2013-04-16 13:34 . 2013-04-16 13:34 74240 ----a-w- c:\windows\system32\atisamu64.dll 2013-04-16 13:34 . 2013-04-16 13:34 71168 ----a-w- c:\windows\SysWow64\atisamu32.dll 2013-04-16 13:31 . 2013-04-16 13:31 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-28 16:43 . 2012-11-19 22:56 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-28 16:43 . 2012-11-19 22:56 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-28 16:42 . 2012-11-11 19:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-28 16:42 . 2012-11-11 19:16 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-21 20:06 . 2012-10-31 15:58 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-16 14:54 . 2013-03-14 21:19 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2013-04-16 14:54 . 2012-09-28 01:11 139696 ----a-w- c:\windows\system32\atiuxp64.dll 2013-04-16 14:53 . 
2013-03-14 21:19 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2013-04-16 14:53 . 2013-03-14 21:19 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll 2013-04-16 14:53 . 2012-09-28 01:41 1154240 ----a-w- c:\windows\system32\aticfx64.dll 2013-04-16 14:53 . 2012-09-28 01:22 8322576 ----a-w- c:\windows\system32\atidxx64.dll 2013-04-16 14:53 . 2013-03-14 21:19 4448216 ----a-w- c:\windows\SysWow64\atiumdva.dll 2013-04-16 14:53 . 2013-03-14 21:19 5941680 ----a-w- c:\windows\SysWow64\atiumdag.dll 2013-04-04 13:50 . 2013-03-25 21:25 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-14 16:55 . 2013-03-14 16:55 5067264 ----a-w- c:\windows\system32\amdsc64.dll 2013-03-14 16:55 . 2013-03-14 16:55 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll 2013-03-13 22:33 . 2013-03-13 22:33 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-13 22:33 . 2013-03-13 22:33 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-13 22:33 . 2013-03-13 22:33 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-13 22:33 . 2013-03-13 22:33 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-13 22:33 . 2013-03-13 22:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-13 22:33 . 2013-03-13 22:33 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-13 22:33 . 2013-03-13 22:33 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-13 22:33 . 2013-03-13 22:33 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-13 22:33 . 2013-03-13 22:33 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-13 22:33 . 2013-03-13 22:33 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-13 22:33 . 2013-03-13 22:33 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-13 22:33 . 2013-03-13 22:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-13 22:33 . 2013-03-13 22:33 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-13 22:33 . 2013-03-13 22:33 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-13 22:33 . 
2013-03-13 22:33 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-13 22:33 . 2013-03-13 22:33 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-13 22:33 . 2013-03-13 22:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-13 22:33 . 2013-03-13 22:33 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-13 22:33 . 2013-03-13 22:33 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-13 22:33 . 2013-03-13 22:33 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-13 22:33 . 2013-03-13 22:33 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-13 22:33 . 2013-03-13 22:33 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-13 22:33 . 2013-03-13 22:33 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-13 22:33 . 2013-03-13 22:33 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-13 22:33 . 2013-03-13 22:33 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-13 22:33 . 2013-03-13 22:33 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-13 22:33 . 2013-03-13 22:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-13 22:33 . 2013-03-13 22:33 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-13 22:33 . 2013-03-13 22:33 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-13 22:33 . 2013-03-13 22:33 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-13 22:33 . 2013-03-13 22:33 441856 ----a-w- c:\windows\system32\html.iec 2013-03-13 22:33 . 2013-03-13 22:33 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-13 22:33 . 2013-03-13 22:33 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-13 22:33 . 2013-03-13 22:33 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-13 22:33 . 2013-03-13 22:33 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-13 22:33 . 2013-03-13 22:33 235008 ----a-w- c:\windows\system32\url.dll 2013-03-13 22:33 . 2013-03-13 22:33 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-13 22:33 . 
2013-03-13 22:33 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-13 22:33 . 2013-03-13 22:33 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-13 22:33 . 2013-03-13 22:33 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-13 22:33 . 2013-03-13 22:33 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-13 22:33 . 2013-03-13 22:33 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-13 22:33 . 2013-03-13 22:33 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-13 22:33 . 2013-03-13 22:33 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-13 22:33 . 2013-03-13 22:33 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-13 22:33 . 2013-03-13 22:33 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-13 22:33 . 2013-03-13 22:33 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-13 22:33 . 2013-03-13 22:33 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-13 22:33 . 2013-03-13 22:33 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-09 18:32 . 2013-03-09 18:32 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-03-09 18:04 . 2013-03-09 18:04 418632 ----a-w- c:\windows\system32\drivers\asmtxhci.sys 2013-03-09 18:04 . 2013-03-09 18:04 139592 ----a-w- c:\windows\system32\drivers\asmthub3.sys 2013-03-09 18:03 . 2013-03-09 18:03 20024 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys 2013-03-09 18:03 . 2013-03-09 18:03 44344 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys 2013-03-09 18:03 . 2013-03-09 18:03 9888912 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll 2013-03-09 18:03 . 2013-03-09 18:03 422544 ----a-w- c:\windows\system32\RtsUStor.dll 2013-03-09 18:03 . 2013-03-09 18:03 252048 ----a-w- c:\windows\system32\drivers\RtsUStor.sys 2013-03-09 18:03 . 2013-03-09 18:03 791608 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys 2013-03-09 18:03 . 2013-03-09 18:03 358456 ----a-w- c:\windows\system32\drivers\iusb3hub.sys 2013-03-09 18:03 . 
2013-03-09 18:03 49560 ----a-w- c:\windows\system32\drivers\asahci64.sys 2013-03-09 18:03 . 2013-03-09 18:03 41984 ----a-w- c:\windows\system32\ahcipp64.dll 2013-03-09 18:03 . 2013-03-09 18:03 769168 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-03-09 18:03 . 2013-03-09 18:03 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-03-09 18:03 . 2012-10-31 13:54 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2013-03-09 18:03 . 2013-03-09 18:03 1721576 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01009.dll 2013-03-09 18:03 . 2013-03-09 18:03 15344 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys 2013-03-09 18:03 . 2013-03-09 18:03 62784 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-03-09 18:02 . 2013-03-09 18:02 28008 ----a-w- c:\windows\system32\drivers\mv91cons.sys 2013-03-09 18:02 . 2013-03-09 18:02 35840 ----a-w- c:\windows\system32\mv91xxm.dll 2013-03-09 18:02 . 2013-03-09 18:02 322920 ----a-w- c:\windows\system32\drivers\mvs91xx.sys 2013-03-09 18:02 . 2013-03-09 18:02 14696 ----a-w- c:\windows\system32\drivers\mvxxmm.sys 2013-02-26 22:40 . 2013-02-26 22:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-02-19 03:57 . 2013-03-09 18:20 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{674ED40D-C9F1-49DA-8B14-2E820885EDEB}\mpengine.dll 2013-02-14 11:41 . 2013-02-14 11:41 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2013-02-14 11:40 . 2013-02-14 11:40 110080 ----a-w- c:\windows\system32\DelayAPO.dll 2013-02-14 02:52 . 2013-02-14 02:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-02-12 05:45 . 2013-03-13 22:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 22:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 22:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 
2013-03-13 22:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 22:21 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 22:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-13 22:20 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 03:37 . 2013-02-08 03:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2009-11-19 135168] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-16 642656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-20 363800] R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys [2011-09-15 24648] R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys [2011-09-15 141896] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-13 39976] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-04-23 32000] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [2008-09-05 68760] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-31 1255736] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2013-03-09 49560] S0 
AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-01-12 647736] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-01-12 28216] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-03-09 20024] S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2013-03-09 28008] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [2013-01-22 493656] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [2012-11-16 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130426.001\IDSvia64.sys [2013-03-08 513184] S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-08-12 32360] S1 SymIRON;Symantec 
Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [2012-11-16 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [2013-01-31 432800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-16 241152] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-02-01 1489024] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-02-19 1418184] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-27 4937264] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe [2013-01-12 2252088] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-12-17 233328] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-10 627936] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-15 178344] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' 
Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520] S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2013-03-09 139592] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2013-03-09 418632] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-02-14 96768] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2013-01-12 165688] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2013-01-12 21568] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 620584] S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2013-01-13 89640] S3 cmudaxp;ASUS Xonar D2X Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376] S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-08 138912] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2013-03-09 358456] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2013-03-09 791608] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2013-03-09 252048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-03-09 769168] 
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-03-09 44344] S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2013-03-09 15344] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-04-29 c:\windows\Tasks\dsmonitor.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-12-17 14:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-10-31 7138816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-12-17 6468712] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-12-17 1158248] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.co.uk/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{FA2A45A9-838D-4B41-86CF-27C0B88D5BF2}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 . - - - - ORPHANS REMOVED - - - - . 
Wow6432Node-HKU-Default-Run-Norton Download Manager{N360202019-SHPD-FSD31014} - c:\program files (x86)\Norton One\Engine\3.2.0.19\ccSvcHst.exe SafeBoot-15050442.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ibVPN\ibVPN.service.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2013-04-29 18:03:13 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-29 17:03 . Pre-Run: 99,796,221,952 bytes free Post-Run: 99,633,213,440 bytes free . - - End Of File - - 762C62E6A993B83946E43AD49071F7A4
  9. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Game-SSD-256 [Admin rights] Mode : Remove -- Date : 04/28/2013 17:33:50 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{FA2A45A9-838D-4B41-86CF-27C0B88D5BF2} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{FA2A45A9-838D-4B41-86CF-27C0B88D5BF2} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> NOT REMOVED, USE DNSFIX ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> G:\windows\system32\config\SOFTWARE -> G:\windows\system32\config\SYSTEM -> G:\Users\Default\NTUSER.DAT -> G:\Users\Default User\NTUSER.DAT -> G:\Users\Main-Drive\NTUSER.DAT -> G:\Users\Public\NTUSER.DAT -> G:\Documents and Settings\Default\NTUSER.DAT -> G:\Documents and Settings\Default User\NTUSER.DAT -> H:\windows\system32\config\SOFTWARE -> H:\windows\system32\config\SYSTEM -> H:\Users\Default\NTUSER.DAT -> H:\Users\Default User\NTUSER.DAT -> H:\Users\Mark\NTUSER.DAT -> H:\Documents and Settings\Default\NTUSER.DAT -> H:\Documents and Settings\Default User\NTUSER.DAT ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: OCZ-VERT EX4 SCSI Disk Device +++++ --- User --- [MBR] 9111075785e11e95cd398f43fd9f9abb [bSP] cc57b9db1f778a10ae5ff98f9e0f5a41 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 244096 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive1: WDC WD15 EADS-00P8B0 SCSI Disk Device +++++ --- User --- [MBR] 1a42b657799daaa728a96a15d113e8bc [bSP] 1441e9f0c44801762616e070161eaf60 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430696 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: ATA WDC WD1500ADFD-0 SCSI Disk Device +++++ --- User --- [MBR] 07d39e842648c252ff86f39c2b3500ff [bSP] d9dc1cd6794a344efdd9fa2f66b9f44d : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143085 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: ATA WDC WD5000AAKS-0 SCSI Disk Device +++++ --- User --- [MBR] 45881bb4b7b442b3b1ba14beb66c23f9 [bSP] 442c5281690904715c37fa2c51e713c1 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_04282013_02d1733.txt >> RKreport[1]_S_04282013_02d1733.txt ; RKreport[2]_D_04282013_02d1733.txt
  10. # AdwCleaner v2.300 - Logfile created 04/28/2013 at 17:25:18 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Game-SSD-256 - GAME-SSD-256-PC # Boot Mode : Normal # Running from : C:\Users\Game-SSD-256\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [664 octets] - [24/04/2013 22:48:10] AdwCleaner[R2].txt - [723 octets] - [24/04/2013 22:48:45] AdwCleaner[s1].txt - [782 octets] - [24/04/2013 22:48:56] AdwCleaner[s2].txt - [714 octets] - [28/04/2013 17:25:18] ########## EOF - C:\AdwCleaner[s2].txt - [773 octets] ##########
  11. Hi Gringo, Many thanks for your help. Sorry for the delay, as I have been away. I may have cleared this up myself. I have a dual boot system and ran MBAM from another drive, which seems to have got rid of this problem. I will include the logs as you have requested to make sure. Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.5.502.110 Flash Player out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  12. Hi, My PC is infected and I can't seem to remove this beast. MBAM calls it 'PUP.Bitcoinminer' and SAS finds 'trojan.dropper/SVCHost-Fake.Process'. Not sure if it's the same thing or different infections. I've run paid-for versions of SAS and MBAM, Norton IS 2013, HitmanPro and AVG IS 2013. Each time I reboot they are back. AVG seems to be the only one that stops it from trying to fry my graphics card. Without this it runs the card up to 100% load and the card temp goes way up. If I block all internet access the card goes back to normal. AVG has been the only security suite that is able to block this activity on startup, but it never fully removes it. Please help if you can. Logs are:- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.9.2 Run by Game-SSD-256 at 21:15:08 on 2013-04-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16329.13229 [GMT 1:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe C:\Program Files (x86)\AVG\AVG2013\avgfws.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Windows\system32\BtwRSupportService.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\IProsetMonitor.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\ibVPN\ibVPN.service.exe C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Program Files (x86)\ASUS\AI Suite 
II\AsRoutineController.exe C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Windows\SysWOW64\HsMgr.exe C:\Windows\system\HsMgr64.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIGYE.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ASUS Xonar D2X Audio\Customapp\ASUSAUDIOCENTER.EXE C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Razer\Copperhead\razerhid.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Razer\Copperhead\razertra.exe C:\Program Files (x86)\Razer\Copperhead\razerofa.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe 
C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_169_ActiveX.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://google.co.uk/ mWinlogon: Userinit = userinit.exe, BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll uRun: [EPSON PX720WD Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_S6F65.tmp" /EF "HKCU" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe mRun: [Adobe] C:\Users\Game-SSD-256\AppData\Roaming\Adobe\color.vbe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY dRun: [Norton Download Manager{N360202019-SHPD-FSD31014}] C:\Program Files (x86)\Norton One\Engine\3.2.0.19\ccSvcHst.exe /m mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: HideSCAHealth = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: 
Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{FA2A45A9-838D-4B41-86CF-27C0B88D5BF2} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 SSODL: WebCheck - <orphaned> LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-3-9 49560] R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880] R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-12 647736] R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-12 28216] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-9 20024] R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2013-3-9 28008] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys [2013-4-21 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys [2013-4-21 1139800] R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-4-13 1390680] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-21 168096] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130420.001\IDSviA64.sys [2013-4-23 513184] R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2012-10-31 32360] R1 
SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys [2013-4-21 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys [2013-4-21 432800] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-14 240640] R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-2-2 951936] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-10-31 586880] R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-10-31 1489024] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-2-19 1418184] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624] R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2013-1-12 2252088] R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-12-17 233328] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-31 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-10-31 178344] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-31 161560] R2 
MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-25 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-25 701512] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-21 144520] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-31 363800] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-3-9 139592] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-3-9 418632] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-15 96768] R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-1-12 165688] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2013-1-12 21568] R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-10-31 620584] R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2013-1-13 89640] R3 cmudaxp;ASUS Xonar D2X Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2012-11-8 2725376] R3 copperhd;Razer Copperhead Driver;C:\Windows\System32\drivers\copperhd.sys [2006-5-24 13824] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-9 138912] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-10-31 160768] R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-9 358456] R3 iusb3xhc;Intel® USB 3.0 
eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-9 791608] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-25 25928] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-3-9 252048] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-9 769168] R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-3-9 44344] R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-3-9 15344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2012-10-31 24648] S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2012-10-31 141896] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-31 39976] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368] S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-4-23 32000] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-10-31 331264] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [2012-10-31 68760] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104] S3 
TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-1 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-31 1255736] . =============== Created Last 30 ================ . 2013-04-23 19:32:07 -------- d-----w- C:\Users\Game-SSD-256\AppData\Roaming\AVG2013 2013-04-23 19:31:46 -------- d-----w- C:\Users\Game-SSD-256\AppData\Roaming\TuneUp Software 2013-04-23 19:31:39 -------- d--h--w- C:\$AVG 2013-04-23 19:31:39 -------- d-----w- C:\ProgramData\AVG2013 2013-04-23 19:31:35 -------- d-----w- C:\Program Files (x86)\AVG 2013-04-23 19:29:17 -------- d--h--w- C:\ProgramData\Common Files 2013-04-23 19:29:17 -------- d-----w- C:\Users\Game-SSD-256\AppData\Local\MFAData 2013-04-23 19:29:17 -------- d-----w- C:\Users\Game-SSD-256\AppData\Local\Avg2013 2013-04-23 19:29:17 -------- d-----w- C:\ProgramData\MFAData 2013-04-23 19:24:18 207968 ----a-w- C:\Windows\System32\drivers\90070457.sys 2013-04-23 18:47:35 -------- d-----w- C:\Program Files\Enigma Software Group 2013-04-23 18:47:25 -------- d-----w- C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP 2013-04-23 18:47:25 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-04-23 18:39:40 -------- d-----w- C:\Users\Game-SSD-256\AppData\Roaming\SpeedyPC Software 2013-04-23 18:39:40 -------- d-----w- C:\Users\Game-SSD-256\AppData\Roaming\DriverCure 2013-04-23 18:39:33 -------- d-----w- C:\ProgramData\SpeedyPC Software 2013-04-23 18:28:34 -------- d-----w- C:\Program Files\Common Files\EPSON 2013-04-23 18:27:56 88064 ----a-w- C:\Windows\System32\E_IBCBGYE.DLL 2013-04-23 18:27:56 118784 ----a-w- C:\Windows\System32\E_ILMGYE.DLL 2013-04-23 18:27:56 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL 2013-04-23 18:27:44 -------- d-----w- C:\ProgramData\EPSON 2013-04-23 18:15:22 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys 2013-04-23 18:09:16 -------- d-----w- C:\ProgramData\HitmanPro 2013-04-23 17:17:49 208216 ----a-w- 
C:\Windows\System32\drivers\97758180.sys 2013-04-21 20:03:08 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-21 20:03:08 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-21 20:03:08 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-21 20:03:08 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-21 20:03:08 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-21 20:03:08 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-21 20:03:08 112640 ----a-w- C:\Windows\System32\smss.exe 2013-04-21 20:03:07 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-04-21 19:14:10 432800 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys 2013-04-21 19:14:09 796248 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\srtsp64.sys 2013-04-21 19:14:09 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys 2013-04-21 19:14:09 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\srtspx64.sys 2013-04-21 19:14:09 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1403010.016\symelam.sys 2013-04-21 19:14:09 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys 2013-04-21 19:14:09 168096 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys 2013-04-21 19:14:09 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys 2013-04-21 19:14:06 -------- d-----w- C:\Windows\System32\drivers\NISx64\1403010.016 2013-03-29 15:01:51 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-03-29 15:01:50 -------- d-----w- C:\Program Files (x86)\AMD APP 2013-03-25 21:26:22 -------- d-----w- C:\Users\Game-SSD-256\AppData\Local\Programs 2013-03-25 21:25:56 -------- d-----w- C:\Users\Game-SSD-256\AppData\Roaming\Malwarebytes 2013-03-25 21:25:53 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-25 21:25:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-25 21:25:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware . 
==================== Find3M ==================== . 2013-04-23 16:57:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-23 16:57:42 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-14 21:17:16 11613184 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2013-03-14 20:47:54 24090112 ----a-w- C:\Windows\System32\atio6axx.dll 2013-03-14 20:47:08 77312 ----a-w- C:\Windows\System32\coinst_12.10.17.dll 2013-03-14 20:44:30 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2013-03-14 20:42:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2013-03-14 20:42:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2013-03-14 20:42:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2013-03-14 20:42:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2013-03-14 20:41:50 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll 2013-03-14 20:37:36 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2013-03-14 20:31:50 19864064 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2013-03-14 20:21:40 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2013-03-14 20:21:30 561152 ----a-w- C:\Windows\System32\atieclxx.exe 2013-03-14 20:20:42 240640 ----a-w- C:\Windows\System32\atiesrxx.exe 2013-03-14 20:19:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2013-03-14 20:19:08 25600 ----a-w- C:\Windows\System32\atimuixx.dll 2013-03-14 20:19:04 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2013-03-14 20:18:58 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2013-03-14 19:56:46 630272 ----a-w- C:\Windows\System32\atiadlxx.dll 2013-03-14 19:56:36 425984 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2013-03-14 19:56:34 79360 ----a-w- C:\Windows\System32\amdave64.dll 2013-03-14 19:56:28 78336 ----a-w- C:\Windows\SysWow64\amdave32.dll 2013-03-14 19:56:20 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2013-03-14 19:56:18 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2013-03-14 19:56:18 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2013-03-14 19:56:16 74240 ----a-w- 
C:\Windows\System32\atisamu64.dll 2013-03-14 19:56:14 44032 ----a-w- C:\Windows\System32\atig6txx.dll 2013-03-14 19:56:10 71168 ----a-w- C:\Windows\SysWow64\atisamu32.dll 2013-03-14 19:56:06 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2013-03-14 19:55:58 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2013-03-14 19:51:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2013-03-14 17:06:10 222720 ----a-w- C:\Windows\System32\clinfo.exe 2013-03-14 17:05:50 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll 2013-03-14 17:05:46 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2013-03-14 17:05:42 64000 ----a-w- C:\Windows\System32\OVDecode64.dll 2013-03-14 17:05:38 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2013-03-14 17:05:28 29149696 ----a-w- C:\Windows\System32\amdocl64.dll 2013-03-14 17:03:32 23810048 ----a-w- C:\Windows\SysWow64\amdocl.dll 2013-03-14 17:01:46 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2013-03-14 17:01:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2013-03-14 16:55:26 5067264 ----a-w- C:\Windows\System32\amdsc64.dll 2013-03-14 16:55:22 4083200 ----a-w- C:\Windows\SysWow64\amdsc.dll 2013-03-09 18:32:01 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-03-09 18:04:12 418632 ----a-w- C:\Windows\System32\drivers\asmtxhci.sys 2013-03-09 18:04:11 139592 ----a-w- C:\Windows\System32\drivers\asmthub3.sys 2013-03-09 18:02:47 110080 ----a-w- C:\Windows\System32\DelayAPO.dll 2013-03-09 18:02:28 28008 ----a-w- C:\Windows\System32\drivers\mv91cons.sys 2013-03-09 18:02:27 35840 ----a-w- C:\Windows\System32\mv91xxm.dll 2013-03-09 18:02:27 322920 ----a-w- C:\Windows\System32\drivers\mvs91xx.sys 2013-03-09 18:02:27 14696 ----a-w- C:\Windows\System32\drivers\mvxxmm.sys 2013-02-26 22:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- 
C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-14 02:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-02-08 03:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2013-02-08 03:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2013-02-08 03:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2013-02-08 03:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2013-02-08 03:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys . ============= FINISH: 21:15:18.05 ===============