robinsons

  1. It did not take long.

     2013/05/17 08:04:39 +0900 THOR Dave MESSAGE IP Protection started successfully
     2013/05/17 08:47:36 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: outgoing, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:36 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: incoming, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:36 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: outgoing, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:36 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: outgoing, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:44 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: outgoing, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:44 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: incoming, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:44 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: outgoing, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:44 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: incoming, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:44 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: outgoing, Port: 49563, Process: svchost.exe)
     2013/05/17 08:47:44 +0900 THOR Dave IP-BLOCK 218.10.163.106 (Type: incoming, Port: 49563, Process: svchost.exe)
  2. I know what two of those processes are, but not the raid tool. That may be the problem. I'll get back to you after I get home from work and I'll let you know what happens.
  3. OTL logfile created on: 5/17/2013 6:02:19 AM - Run 2 OTL by OldTimer - Version 3.2.69.0
%7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: forcetls@sid.stamm:3.0.0 FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/14 07:12:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 22:45:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/16 13:23:03 | 000,000,000 | ---D | M] [2011/11/21 21:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions [2013/05/09 16:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions [2013/04/16 15:54:03 | 001,553,209 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions\onepassword@agilebits.com.xpi [2013/05/09 16:52:36 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/10/21 16:55:46 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013/02/23 15:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/22 19:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/10/22 19:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/11/02 20:33:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/04/13 22:45:53 | 000,263,064 | ---- | M] 
(Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/11/23 18:20:16 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012/09/07 21:00:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/02/21 18:56:41 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/05/16 13:02:32 | 000,447,028 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 15377 more lines... O2:64bit: - BHO: (avast! 
Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-1138959340-716816467-326597263-1012\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe (ASUSTeK Computer Inc.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [instantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [spybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1000..\Run: [TBPanel] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co. Ltd.) O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [TBPanel] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co. Ltd.) 
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1138959340-716816467-326597263-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1138959340-716816467-326597263-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits) O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84CEE7B0-FFA9-4522-BDCD-EED95C22DDB9}: DhcpNameServer = 111.87.221.145 111.87.221.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC9273AD-01FF-40B7-9E87-FBF50B0F36B8}: DhcpNameServer = 192.168.0.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3B12DFE-FF59-4668-BCE2-7F803D3F0D50}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\x-excid - No CLSID value found O18:64bit: - Protocol\Handler\x-owacid2 - No CLSID value found O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\Windows\Downloaded Program Files\mimectl.dll (Microsoft Corporation) O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/12/11 21:33:06 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/15 22:32:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe [2013/05/15 17:32:18 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/05/15 17:32:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013/05/15 17:32:12 | 001,930,752 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\authui.dll [2013/05/15 17:32:12 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/05/15 17:32:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/05/15 17:32:12 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013/05/15 17:32:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013/05/15 17:32:03 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/05/15 17:32:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/05/15 17:32:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/05/15 17:32:02 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/05/15 17:32:02 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/05/15 17:32:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/05/15 17:32:02 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/05/14 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/05/14 07:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVAST Software [2013/05/13 08:35:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013/05/11 23:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/05/11 23:53:55 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/05/11 23:53:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/05/11 23:53:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/05/11 23:53:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/05/11 23:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/05/11 23:51:49 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013/05/11 23:51:47 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013/05/11 23:51:47 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013/05/11 23:51:47 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013/05/11 23:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/05/11 23:37:05 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/05/11 23:37:05 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013/05/11 08:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/05/10 19:37:59 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAHClient [2013/05/10 04:50:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/05/10 04:48:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/10 04:44:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/05/10 04:44:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/05/10 04:44:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/05/10 04:44:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/10 04:44:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/05/09 20:27:28 | 005,067,786 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe [2013/05/09 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/05/09 07:43:51 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\RK_Quarantine [2013/05/09 07:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/05/09 07:32:17 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/09 07:23:41 | 
000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dave\Desktop\JRT.exe [2013/05/08 21:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\rkill [2013/05/08 20:54:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\dds.scr [2013/05/02 20:40:46 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/04/22 10:15:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Canon_Inc_IC [2013/04/22 10:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon [2013/04/21 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\CANON_INC [2013/04/21 18:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon_Inc_IC [2013/04/21 18:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013/04/21 18:29:35 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\canon [2013/04/21 18:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC ========== Files - Modified Within 30 Days ========== [2013/05/17 05:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/17 05:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/16 18:11:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/16 13:27:23 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/16 13:27:23 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/16 13:26:15 | 003,143,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/16 13:26:15 | 000,961,532 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/16 13:26:15 | 000,006,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/16 13:26:06 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx [2013/05/16 13:21:03 | 
001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll [2013/05/16 13:20:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/16 13:19:58 | 2104,754,175 | -HS- | M] () -- C:\hiberfil.sys [2013/05/16 13:02:32 | 000,447,028 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/05/15 22:32:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe [2013/05/15 18:41:04 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/05/15 18:41:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/05/15 18:29:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/05/15 17:44:46 | 000,487,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/15 17:36:09 | 000,604,767 | ---- | M] () -- C:\Users\Dave\Desktop\kaspersky.csv [2013/05/11 23:53:51 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/05/11 23:53:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/05/11 23:53:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/05/11 23:53:51 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/05/11 23:53:50 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/05/11 23:53:50 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/05/11 23:51:44 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/05/11 23:51:44 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013/05/11 23:51:44 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013/05/11 23:51:44 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013/05/11 23:51:44 | 000,188,320 | ---- | M] 
(Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/05/11 23:51:44 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/05/10 20:26:43 | 000,000,285 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/05/10 19:37:59 | 000,002,061 | ---- | M] () -- C:\Users\Dave\Desktop\Folding@home.lnk
[2013/05/10 04:50:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130516-130232.backup
[2013/05/09 20:28:35 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
[2013/05/09 19:28:10 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/09 17:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 17:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 17:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 17:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 17:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 17:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 17:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 17:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 17:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 17:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/09 07:24:48 | 000,791,040 | ---- | M] () -- C:\Users\Dave\Desktop\RogueKillerX64.exe
[2013/05/09 07:24:12 | 000,628,743 | ---- | M] () -- C:\Users\Dave\Desktop\adwcleaner.exe
[2013/05/09 07:23:44 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dave\Desktop\JRT.exe
[2013/05/08 20:55:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\dds.scr
[2013/05/02 20:06:02 | 003,666,639 | ---- | M] () -- C:\Users\Dave\Desktop\Manual of DEVO-7.pdf
[2013/04/22 10:10:30 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2013/04/21 18:29:52 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk

========== Files Created - No Company Name ==========

[2013/05/15 08:44:43 | 000,604,767 | ---- | C] () -- C:\Users\Dave\Desktop\kaspersky.csv
[2013/05/10 19:37:59 | 000,002,061 | ---- | C] () -- C:\Users\Dave\Desktop\Folding@home.lnk
[2013/05/10 04:44:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/10 04:44:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/10 04:44:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/10 04:44:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/10 04:44:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/09 19:28:10 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/09 07:24:46 | 000,791,040 | ---- | C] () -- C:\Users\Dave\Desktop\RogueKillerX64.exe
[2013/05/09 07:24:08 | 000,628,743 | ---- | C] () -- C:\Users\Dave\Desktop\adwcleaner.exe
[2013/05/02 20:06:01 | 003,666,639 | ---- | C] () -- C:\Users\Dave\Desktop\Manual of DEVO-7.pdf
[2013/04/22 10:10:30 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2013/04/21 18:29:52 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2013/02/06 18:33:00 | 000,006,007 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013/01/27 20:51:26 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/10 15:35:11 | 000,000,076 | ---- | C] () -- C:\Windows\SysWow64\dtirc.dll
[2013/01/07 18:22:45 | 000,000,806 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Drives Meter_Settings.ini
[2012/12/09 15:06:38 | 007,261,256 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/12/09 15:06:38 | 000,018,041 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/11/11 15:43:06 | 000,000,546 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012/10/11 19:46:49 | 000,000,532 | ---- | C] () -- C:\Users\Dave\AppData\Local\CastleLinkProps.dat
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/09/10 21:44:48 | 000,006,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/30 08:11:16 | 000,000,285 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\GPU MeterV2_Settings.ini
[2012/06/27 07:37:40 | 000,000,244 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\GPU Meter_Settings.ini
[2012/06/10 09:05:07 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/10 09:05:07 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/05/15 07:51:49 | 000,000,017 | ---- | C] () -- C:\Users\Dave\AppData\Local\resmon.resmoncfg
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/15 07:42:50 | 000,006,144 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 22:25:10 | 000,000,877 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Network Meter_Settings.ini
[2012/02/11 02:53:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/01/25 21:11:38 | 000,000,247 | ---- | C] () -- C:\Users\Dave\.octave_hist
[2011/11/26 21:28:48 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIDIB4.dll
[2011/11/21 19:58:51 | 000,000,412 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\All CPU Meter_Settings.ini
[2011/11/21 13:46:56 | 004,715,184 | ---- | C] () -- C:\Windows\PE_File.dll
[2011/11/20 20:08:08 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011/11/20 19:09:16 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/11/20 19:09:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/11/20 18:56:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/11/20 18:56:43 | 000,045,290 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/08/11 11:06:32 | 000,007,282 | ---- | C] () -- C:\Windows\cadx2.ini

========== ZeroAccess Check ==========

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 14:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 13:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========

[2012/04/19 23:09:13 | 000,000,000 | ---D | M](C:\Windows\SysWow64\???h??) -- C:\Windows\SysWow64\ɬⶕh硎癸
[2012/04/19 23:09:13 | 000,000,000 | ---D | C](C:\Windows\SysWow64\???h??) -- C:\Windows\SysWow64\ɬⶕh硎癸

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:B2304460
@Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:C895616B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:054203E4

< End of report >
  4. It's a popup notification from Malwarebytes in the system tray. Often, I'm not even using the internet, though I am still connected. No blocks yesterday though.
  5. OTL Extras logfile created on: 5/15/2013 10:33:49 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.95 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 40.99% Memory free 15.89 Gb Paging File | 12.03 Gb Available in Paging File | 75.73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.69 Gb Total Space | 12.10 Gb Free Space | 10.83% Space Free | Partition Type: NTFS Drive E: | 1863.01 Gb Total Space | 1591.78 Gb Free Space | 85.44% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 298.84 Gb Free Space | 32.08% Space Free | Partition Type: NTFS Drive G: | 465.76 Gb Total Space | 413.75 Gb Free Space | 88.83% Space Free | Partition Type: NTFS Drive H: | 2794.39 Gb Total Space | 2558.51 Gb Free Space | 91.56% Space Free | Partition Type: NTFS Computer Name: THOR | User Name: Dave | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1138959340-716816467-326597263-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PeaZip] -- Reg Error: Value error. Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PeaZip] -- Reg Error: Value error. Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 
7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A1A56B-AB5B-4E08-AEEE-C374614A6B7F}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 | "{09DC42C4-3FD7-4DFF-A0FA-F72378B8734A}" = rport=138 | protocol=17 | dir=out | app=system | "{0A632F5D-CBC8-4DF2-AE43-44A63D8C3EA7}" = lport=3390 | protocol=6 | dir=in | app=system | "{0C5CDDBD-4C31-498A-B040-679E0BE5BDC2}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{12E7D7BD-706C-4A8A-A85F-9C262CC352F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{18D4DFE3-692C-4151-A8AC-D6ED9EC34DC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1D99DB85-393F-4EEF-BCBD-BC6E2C802B59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1F3B0BE0-802F-4B72-88F2-24017D9C7C85}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2005839C-B49F-4634-A104-F79987D66687}" = lport=139 | protocol=6 | dir=in | app=system | "{21B6E834-F0D3-447C-9AE5-E066A95EE652}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{2257E6BF-4D57-4E0E-91B6-FDCA654489E5}" = rport=445 | protocol=6 | dir=out | app=system | "{28B5F2B4-BC06-43CB-B89C-6E1D6BF2E2AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{2CAD1088-83C1-4B79-B3CB-CEE46264D3C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30C54EC8-4F08-4EE4-8526-FCF1764B7E5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{41BEB170-CA17-4D42-B2D7-948319C6AACD}" = lport=10244 | protocol=6 | dir=in | app=system | "{42B0AD12-38F3-4FB4-B5AC-01682FAA9AB2}" = lport=2177 | 
protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45D7D6DC-0F6B-46BC-ADF9-0AAAAAA1F1D1}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 | "{483093F5-B3FD-4918-BBBA-437D3D507E10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{48BADACD-0261-4C13-9880-08B859CE8542}" = lport=2869 | protocol=6 | dir=in | app=system | "{4AE921FD-FB2F-4553-8044-8F2FB2CEAC41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{4AFE9C25-BD29-4FB1-A813-4A74D0383245}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4FE60D41-3BFF-42C3-B11C-4944A496C390}" = lport=10243 | protocol=6 | dir=in | app=system | "{69A86C07-6DC8-4AA5-972F-9D75FDAEC93E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6C8AAFC7-DE6E-4DAE-8B3B-DCDB4D492058}" = rport=10243 | protocol=6 | dir=out | app=system | "{6DC31D3B-2115-41B5-B715-5C4163843524}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{82AAB8EC-CB17-4B17-90BF-2A52F4ABDDDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{87229D52-80B4-4403-8042-999580797F7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{88F94122-E316-453F-A8C5-A1E28BBCADAC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{89E632D0-66D3-47E1-BDD5-A10CB1F64655}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C44E864-926C-4C2C-957D-EB6A951FFDE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F1316BA-C4A3-4740-9CD2-EA87415A768A}" = lport=445 | protocol=6 | dir=in | app=system | "{9AED0C56-A095-4A9F-A952-CA07F4AA8D58}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{A289438A-8A5D-45F9-9DDF-67D021A99800}" = 
lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A78BC6B9-5BED-4B79-8964-CAFB9A26B006}" = rport=139 | protocol=6 | dir=out | app=system | "{A8DD4262-5150-4734-BD90-F90C3DB8E20F}" = lport=138 | protocol=17 | dir=in | app=system | "{AB6106EC-36EE-4983-9E75-7DB6207BF271}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AC0518DF-D132-4194-AF7D-59AB946E578F}" = lport=2869 | protocol=6 | dir=in | app=system | "{B0947118-B734-4EA5-B712-978AE8805568}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B313EAC2-B077-4E00-A194-C77A9F437E5E}" = lport=3390 | protocol=6 | dir=in | app=system | "{BF25F32F-966A-428E-9BD6-B53D3BF3AA9C}" = rport=137 | protocol=17 | dir=out | app=system | "{C229EC0F-7913-4507-A962-480B94F579C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C22FC7E5-5B8D-4873-AFD6-65FBED050201}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3DA7C04-628D-4365-9F0E-055936317E0F}" = lport=137 | protocol=17 | dir=in | app=system | "{C723DF72-C911-4184-A6C4-DAFE46F35FE4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D1FF667C-EC06-46B6-A413-2341D3B11AC5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DADA84E1-A0D9-40C6-84DF-F02D1E28100F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DDE05921-1E86-417D-82DC-DC49100F1D08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EADF6012-5318-4DD2-9877-CB1FC0F004F8}" = lport=10244 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{020B0F8D-2CC2-4F98-BC9F-46C6E9AD6B7D}" = 
protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{031F01BB-F176-4CEF-9807-E5E143550A02}" = protocol=17 | dir=in | app=g:\studio 16\programs\umi.exe | "{064D7A00-6A07-4E74-B007-5536A7BAB91C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0BB3E6BD-64D0-4C2F-8BE0-84CD35429DB0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{0F417270-5C9A-4901-9EDA-8724CA3805E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{12F8F5C6-DEB7-441A-98AB-DB9563A02530}" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe | "{148D98BC-2794-47FA-A9DA-2FC65D9F7262}" = dir=in | app=c:\program files (x86)\azurewave\wondergate server\wondergateserver.exe | "{15826A45-DCED-4718-A803-658414375758}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1EC978A2-0A9E-468A-A6EA-77C7A55D642B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1EE2C279-F7CC-4AD1-9868-D9A6960CE424}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2F7653C9-DFA1-4965-98F6-089B7AB5444D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3CADE4D6-26B7-495E-B451-451D5A16F08D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3E80D322-AF0B-468B-8751-451E4263127E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{41F3EECE-418F-4B7F-AAD7-43BAEBEDB33A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{45B9A9E4-4219-4F33-AC1F-C4A1E16F2C44}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{48311B25-5974-4D6D-869E-93F20132E78B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4B6F9C8C-3543-477F-87D4-5D5C50C899E7}" = protocol=6 | dir=in | app=g:\studio 16\programs\ngstudio.exe | "{4BCC3C2A-2C6D-4F41-9353-B4FF9971E425}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{549C0082-2578-4628-AE66-9703E37E4988}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55579E1C-5CC5-44F3-A89E-D32FF1DB182A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{58913A8B-723C-422E-8A5E-042CB0DF69D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{5B9B7A97-5E51-49A9-8504-2E8A4B06E1F5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{5E8CD8CE-6BEE-4FCA-BD49-70AA161C0284}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6C1B2E03-9CAC-4285-BA84-0C0A1980CFA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7582C827-A2A1-42E0-A641-B3BFD774F1C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{782D99CB-02B4-4B92-B276-41479B4ABE3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{7C5FEF20-BD54-4225-BEB7-242A73D27598}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\wi-fi go!\assisttools\wifi go! 
server.exe | "{7CF8A5DF-53C3-49D0-BA51-A5940A24930F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{7F21E45B-45C3-4683-A683-17F1774302FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{81C8004D-1429-4976-97C3-A45F15A21E7F}" = protocol=6 | dir=in | app=g:\studio 16\programs\umi.exe | "{877D2B62-0D4D-46BC-A75F-3A7279B9758E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{87F257C8-BC03-4B35-A31C-F1A7FC65C77B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8A430BFF-70D4-4415-A0E0-6495E7E062DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8D259831-B915-476D-8318-4F6E5A20EB7B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{95C9830A-580C-4651-A2F3-C11238B24D54}" = protocol=6 | dir=in | app=g:\studio 16\programs\rm.exe | "{A253BE52-6CA8-44B6-9F58-879CF5F78974}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A279CA37-A3B5-41D6-8CB5-070269A5CA7E}" = protocol=17 | dir=in | app=g:\studio 16\programs\ngstudio.exe | "{A538FEA2-3DA3-4366-8E2B-36FFA29D7252}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AA4ECAC1-8F6F-4E0E-8757-FE3F94CEE2D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB0E9E8C-A21A-4AA5-AB7B-1ACD507E3A65}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{AC0A65E9-3C21-4175-B000-93A3A074790E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{C13B5336-4842-4180-A725-31555F5B4FCF}" = protocol=17 | dir=in | app=g:\studio 16\programs\rm.exe | "{C40942DA-D01F-4915-9CFB-8D4E527A612D}" = dir=in | app=f:\itunes\itunes.exe | "{C4CB34B4-2022-4FC1-9E7F-40BFE1EA9CF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5C7CAF2-39E9-4261-BAA4-A535FC1D576E}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai 
suite ii\wi-fi go!\assisttools\wifi go! server.exe | "{CC743393-0F62-46B1-A447-ADBEB867E868}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CE81FAA6-82BF-4025-B759-193D5297FD20}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "{DBE4CBBE-D1D4-40D3-A30E-8FEFC728E953}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{DDD3F8A9-AF0E-45B6-8625-D43FF2F7822D}" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe | "{E1C4A626-5927-4B8C-BEC9-168E1E11FC93}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{E224F0D7-B776-4CCD-A058-4CB5471D0CB5}" = protocol=6 | dir=out | app=system | "{E5B0ECD9-8978-49DE-9859-A2B78817C7DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E5CE8916-8B7D-4A0E-AAF5-E4B95BD313FE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{EAA71775-EED5-45DF-991D-AC492990632D}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "{EC5E6BE5-3E8E-4509-8950-C81F043BC505}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{F615C644-9C23-4898-B9F6-E665565B667E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB1139E3-6435-401B-82E7-9D0EC2F97A73}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{7F649BDF-406C-4C57-8843-78F13B540A54}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe | "TCP Query User{ADDD64C4-9990-43EC-BC38-32AA172B19F9}F:\steam\steam.exe" = protocol=6 | dir=in | app=f:\steam\steam.exe | "TCP Query User{B522C477-0587-4AC3-B35B-C22E0CF72495}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "TCP Query User{C5625765-B9B0-446C-B9F2-B0E0B0FACD56}C:\program 
files (x86)\fahclient\fahclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe | "TCP Query User{C6DEFAD5-5937-4B19-BACC-993C89CB287B}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "TCP Query User{DDB097DD-A74E-4A45-A05B-1DFE474E1E40}C:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{EBB41F91-FADC-4AE5-867B-150D9B450472}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe | "TCP Query User{FD561527-5BD4-4B80-95B6-26915ACA3392}C:\program files (x86)\fahclient\fahclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe | "UDP Query User{06B1ED95-4868-4C4F-9602-5F7B3B5C7A8F}C:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{09CFBDB3-D5E8-4C56-8FBD-0F46ECBEA984}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe | "UDP Query User{18198862-3B93-4BFF-9AE6-4835FCB667E5}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "UDP Query User{1B86CECC-E442-4551-8E5C-D9E617AF01F0}C:\program files (x86)\fahclient\fahclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe | "UDP Query User{5FAB9B92-CFEB-4288-967E-E498C16EE345}F:\steam\steam.exe" = protocol=17 | dir=in | app=f:\steam\steam.exe | "UDP Query User{78968493-26C4-4BE0-B678-0DAEEC5968D0}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe | "UDP Query 
User{B2573207-E0D8-48A1-AE95-F051D3A14FCC}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "UDP Query User{EDC01CD2-E1F7-4E01-9D0D-C4ADCA95A070}C:\program files (x86)\fahclient\fahclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fahclient\fahclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}" = Intel® Network Connections 16.6.126.0 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft 
Office Shared 64-bit Setup Metadata MUI (English) 2010 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) "A31E9CB32B5F6116820FF017563D17C10F59FBF1" = Windows Driver Package - RACELOGIC (usbser) Ports (08/05/2010 6.7.0007.0000) "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers "PROSetDX" = Intel® Network Connections 16.6.126.0 "sp6" = Logitech SetPoint 6.32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021C6667-63D3-4416-B537-865E77F4DF4F}" = avast! 
Ad Blocker "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16 "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{491474B4-D683-4A85-BE61-8913B38735A3}" = Racelogic Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}" = Nostromo "{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1" = EXPERTool v8.1 "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.3 "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{6304587B-3C05-4031-A8E7-7938CB9162E7}_is1" = meta-iPod, the iTunes Cleaner 1.5 "{63CD0BBB-3F57-456A-8405-214E42616A0C}" = Performance Box "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{69513CCB-62F8-4343-A7C4-82DE89C9F88B}" = Circuit Tools "{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9653EA4B-D2D7-481D-A5C6-80816E1F75E8}" = WonderGate Server "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C7774A58-8B24-4E19-A92D-E887A8FD67A1}" = Castle Link "{D4E54C39-AC87-4C48-B6E0-A073F21E9B8A}" = Microsoft S/MIME 
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor "{F04B60DD-0B8E-47A9-B96A-E668E2E8F69E}" = DriftBox Tools "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager "{F522E59E-7168-4B4A-885E-1030009BEE56}" = DBsign Web Signer "{F8649F6A-0C91-43C3-9C38-9937CEBA7DF7}" = CnW "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "{FE73C47E-0FF8-47A6-A903-FFA827A4B43D}" = Disk Unlocker "1Password_is1" = 1Password 1.0.9.327 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "avast" = avast! 
Free Antivirus "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "Clone2Go DVD to PSP Converter_is1" = Clone2Go DVD to PSP Converter 1.9.7 "dBpoweramp Music Converter" = dBpoweramp Music Converter "Digital Photo Professional" = Canon Utilities Digital Photo Professional "ESET Online Scanner" = ESET Online Scanner v3 "FAHClient" = FAHClient "Foxit Reader" = Foxit Reader "GoPro CineForm Studio" = GoPro CineForm Studio 1.3.2 "HDtracks Downloader" = HDtracks Downloader "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OCCT" = OCCT 4.0.0 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Picasa 3" = Picasa 3 "Picture Style Editor" = Canon Utilities Picture Style Editor "Steam App 39800" = Nation Red "VLC media player" = VLC media player 2.0.6 "Xvid_is1" = Xvid 1.1.3 final uninstall "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1138959340-716816467-326597263-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1138959340-716816467-326597263-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/15/2013 4:38:45 AM | Computer Name = Thor | 
Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.
Error - 5/15/2013 4:44:48 AM | Computer Name = Thor | Source = WinMgmt | ID = 10
Description =
Error - 5/15/2013 4:50:41 AM | Computer Name = Thor | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error - 5/15/2013 4:50:41 AM | Computer Name = Thor | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error - 5/15/2013 5:09:38 AM | Computer Name = Thor | Source = WinMgmt | ID = 10
Description =
Error - 5/15/2013 5:15:30 AM | Computer Name = Thor | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error - 5/15/2013 5:15:30 AM | Computer Name = Thor | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error - 5/15/2013 5:27:36 AM | Computer Name = Thor | Source = Windows Search Service | ID = 7040
Description =
Error - 5/15/2013 5:27:37 AM | Computer Name = Thor | Source = Windows Search Service | ID = 7042
Description =
Error - 5/15/2013 8:38:22 AM | Computer Name = Thor | Source = VSS | ID = 8194
Description =
[ Media Center Events ]
Error - 5/9/2013 8:51:54 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 9:51:54 AM - Error connecting to the internet. 9:51:54 AM - Unable to contact server..
Error - 5/9/2013 8:52:07 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 9:51:59 AM - Error connecting to the internet. 9:51:59 AM - Unable to contact server..
Error - 5/14/2013 5:26:02 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 6:26:02 AM - Error connecting to the internet. 6:26:02 AM - Unable to contact server..
Error - 5/14/2013 5:26:24 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 6:26:07 AM - Error connecting to the internet. 6:26:07 AM - Unable to contact server..
Error - 5/14/2013 6:26:29 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 7:26:29 AM - Error connecting to the internet. 7:26:29 AM - Unable to contact server..
Error - 5/14/2013 6:26:47 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 7:26:34 AM - Error connecting to the internet. 7:26:34 AM - Unable to contact server..
Error - 5/14/2013 7:26:53 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 8:26:53 AM - Error connecting to the internet. 8:26:53 AM - Unable to contact server..
Error - 5/14/2013 7:27:08 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 8:26:58 AM - Error connecting to the internet. 8:26:58 AM - Unable to contact server..
Error - 5/14/2013 8:27:13 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 9:27:13 AM - Error connecting to the internet. 9:27:13 AM - Unable to contact server..
Error - 5/14/2013 8:27:30 PM | Computer Name = Thor | Source = MCUpdate | ID = 0
Description = 9:27:18 AM - Error connecting to the internet. 9:27:18 AM - Unable to contact server..
[ System Events ]
Error - 5/11/2013 9:33:56 PM | Computer Name = Thor | Source = Service Control Manager | ID = 7000
Description = The Sentinel64 service failed to start due to the following error: %%20
Error - 5/12/2013 7:24:02 PM | Computer Name = Thor | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error - 5/12/2013 7:24:02 PM | Computer Name = Thor | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053
Error - 5/12/2013 7:43:04 PM | Computer Name = Thor | Source = Service Control Manager | ID = 7000
Description = The Sentinel64 service failed to start due to the following error: %%20
Error - 5/13/2013 6:15:03 PM | Computer Name = Thor | Source = Service Control Manager | ID = 7000
Description = The Sentinel64 service failed to start due to the following error: %%20
Error - 5/14/2013 6:59:11 PM | Computer Name = Thor | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error - 5/15/2013 4:44:47 AM | Computer Name = Thor | Source = Service Control Manager | ID = 7000
Description = The Sentinel64 service failed to start due to the following error: %%20
Error - 5/15/2013 5:09:34 AM | Computer Name = Thor | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:05:45 PM on ?5/?15/?2013 was unexpected.
Error - 5/15/2013 5:09:35 AM | Computer Name = Thor | Source = Service Control Manager | ID = 7000
Description = The Sentinel64 service failed to start due to the following error: %%20
Error - 5/15/2013 5:34:19 AM | Computer Name = Thor | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
< End of report >
  6. OTL logfile created on: 5/15/2013 10:33:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 40.99% Memory free
15.89 Gb Paging File | 12.03 Gb Available in Paging File | 75.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 12.10 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1591.78 Gb Free Space | 85.44% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 298.84 Gb Free Space | 32.08% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 413.75 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Drive H: | 2794.39 Gb Total Space | 2558.51 Gb Free Space | 91.56% Space Free | Partition Type: NTFS
Computer Name: THOR | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/15 22:32:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe PRC - [2013/05/09 17:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013/05/09 17:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/04/02 14:21:54 | 002,220,784 | ---- | M] (AgileBits) -- C:\Program Files (x86)\1Password\Agile1pAgent.exe PRC - [2013/04/02 14:21:46 | 000,768,752 | ---- | M] (AgileBits) -- C:\Program Files (x86)\1Password\Agile1pService.exe PRC - [2013/03/12 16:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013/02/19 08:28:08 | 014,800,896 | ---- | M] () -- C:\Program Files (x86)\FAHClient\FAHClient.exe PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/12/18 23:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/04/11 16:00:04 | 002,040,136 | ---- | M] (Gainward Co. Ltd.) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe PRC - [2012/03/01 22:03:12 | 001,376,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe PRC - [2012/03/01 22:03:10 | 003,979,904 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe PRC - [2012/03/01 20:12:40 | 000,658,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe PRC - [2012/02/29 06:02:52 | 001,154,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe PRC - [2012/02/22 14:59:18 | 001,493,120 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe PRC - [2012/02/17 15:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe PRC - [2012/02/08 03:10:34 | 001,111,680 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2012/02/02 18:56:36 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe PRC - [2012/01/10 09:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2012/01/05 04:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012/01/03 22:13:24 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011/10/31 09:57:48 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe PRC - [2011/10/29 09:59:26 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe PRC - [2011/09/08 21:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe PRC - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe PRC - [2010/11/26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010/11/25 16:12:56 | 000,252,544 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe PRC - [2010/08/23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010/05/10 11:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe PRC - [2009/07/09 16:10:24 | 000,681,256 | ---- | M] (CyberLink Corporation.) 
-- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2013/05/15 17:38:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/15 17:38:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/05/15 17:38:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/02/19 08:28:08 | 014,800,896 | ---- | M] () -- C:\Program Files (x86)\FAHClient\FAHClient.exe MOD - [2013/02/16 14:13:05 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/01/14 21:54:22 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll MOD - [2013/01/14 21:54:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll MOD - [2013/01/14 20:24:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/14 20:23:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/14 20:23:46 | 005,452,800 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll MOD - [2013/01/14 20:23:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/14 20:23:40 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/11/21 12:20:16 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\1Password\js3215R.dll MOD - [2012/03/01 20:32:00 | 001,498,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\WiFiGO.dll MOD - [2012/02/24 18:57:56 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\MirrorOpSender.dll MOD - [2012/02/22 10:53:58 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\DLCapPP.dll MOD - [2012/02/15 10:25:02 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiMoveHelp.dll MOD - [2012/02/13 09:53:06 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2012/02/10 11:29:44 | 001,047,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll MOD - [2012/02/09 17:09:38 | 001,118,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll MOD - [2012/02/06 21:08:30 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\pngio.dll MOD - [2012/01/19 09:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll MOD - [2012/01/18 22:39:26 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\IsSupported.dll MOD - [2012/01/12 16:44:02 | 000,475,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll MOD - 
[2011/12/29 20:45:12 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll MOD - [2011/12/29 02:13:20 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll MOD - [2011/12/04 01:28:36 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll MOD - [2011/10/14 20:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/09/26 19:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll MOD - [2011/09/26 18:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2011/09/20 18:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2011/09/19 20:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2011/09/07 23:23:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll MOD - [2011/08/16 19:31:36 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\AudioProjection.dll MOD - [2011/08/09 14:52:50 | 000,425,984 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\awiscale.dll MOD - [2011/07/21 09:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2011/07/12 19:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2010/12/14 17:46:32 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite 
II\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
MOD - [2010/10/05 08:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2010/10/05 08:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010/09/23 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
MOD - [2010/08/23 11:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
MOD - [2010/02/25 14:01:30 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsZip.dll
MOD - [2009/08/12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/09/12 12:06:04 | 007,775,528 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 17:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/01/23 23:30:22 | 000,233,328 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2011/09/28 04:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/08/15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/14 10:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/15 18:41:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/04 08:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/13 22:45:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/02 14:21:46 | 000,768,752 | ---- | M] (AgileBits) [Auto | Running] -- C:\Program Files (x86)\1Password\Agile1pService.exe -- (Agile1Password)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 23:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/02/22 14:59:18 | 001,493,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/02/17 15:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/02/07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/02 18:56:36 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/10/29 09:59:26 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2011/09/19 16:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011/08/07 21:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/03/13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/12/02 11:34:52 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/09 17:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 17:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 17:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 17:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 17:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 17:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 17:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 17:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 12:12:04 | 001,605,760 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 23:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 23:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/06 16:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2012/01/05 04:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 04:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 04:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/29 08:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/10/27 15:34:32 | 002,791,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/09/02 15:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 15:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/12 19:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/03/13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 10:58:42 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011/03/13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 12:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/09/21 11:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus)
DRV:64bit: - [2010/08/18 02:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010/08/10 18:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/05/05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 21:04:08 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009/07/07 21:04:06 | 000,372,720 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/14 10:36:58 | 000,035,328 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcgame.sys -- (bcgame)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/10/20 20:05:18 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2010/09/16 20:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 03:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://acsc.blackboard.com/webapps/login/
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB D2 92 6D EF 3B CD 01 [binary data]
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\..\SearchScopes,DefaultScope = {966A047C-5387-4F5F-BBA7-7104B9B61A4D}
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\..\SearchScopes\{966A047C-5387-4F5F-BBA7-7104B9B61A4D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.my.af.mil/gcss-af/USAF/ep/globalTab.do?channelPageId=s6925EC1356510FB5E044080020E329A9
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB D2 92 6D EF 3B CD 01 [binary data]
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\..\SearchScopes\{966A047C-5387-4F5F-BBA7-7104B9B61A4D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1138959340-716816467-326597263-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: forcetls@sid.stamm:3.0.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/14 07:12:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 22:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/09 21:24:29 | 000,000,000 | ---D | M]
[2011/11/21 21:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2013/05/09 16:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions
[2013/04/16 15:54:03 | 001,553,209 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions\onepassword@agilebits.com.xpi
[2013/05/09 16:52:36 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/21 16:55:46 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013/02/23 15:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/22 19:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/22 19:32:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/02 20:33:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/04/13 22:45:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/23 18:20:16 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/09/07 21:00:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/21 18:56:41 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/05/10 04:50:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1138959340-716816467-326597263-1012\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [instantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [spybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1000..\Run: [Akamai NetSession Interface] C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1000..\Run: [TBPanel] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co. Ltd.)
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\Run: [TBPanel] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co. Ltd.)
O4 - HKU\S-1-5-21-1138959340-716816467-326597263-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1138959340-716816467-326597263-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1138959340-716816467-326597263-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits) O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84CEE7B0-FFA9-4522-BDCD-EED95C22DDB9}: DhcpNameServer = 111.87.221.145 111.87.221.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC9273AD-01FF-40B7-9E87-FBF50B0F36B8}: DhcpNameServer = 192.168.0.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3B12DFE-FF59-4668-BCE2-7F803D3F0D50}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\x-excid - No CLSID value found O18:64bit: - Protocol\Handler\x-owacid2 - No CLSID value found O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\Windows\Downloaded Program Files\mimectl.dll (Microsoft Corporation) O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files 
(x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/12/11 21:33:06 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/15 22:32:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe [2013/05/14 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/05/14 07:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVAST Software [2013/05/13 08:35:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013/05/11 23:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/05/11 23:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/05/11 23:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/05/11 08:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/05/10 19:37:59 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAHClient [2013/05/10 04:50:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/05/10 04:48:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/10 04:44:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/05/10 04:44:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/05/10 04:44:51 | 000,060,416 | ---- | C] (NirSoft) -- 
C:\Windows\NIRCMD.exe [2013/05/10 04:44:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/10 04:44:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/05/09 20:27:28 | 005,067,786 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe [2013/05/09 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/05/09 07:43:51 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\RK_Quarantine [2013/05/09 07:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/05/09 07:32:17 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/09 07:23:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dave\Desktop\JRT.exe [2013/05/08 21:54:06 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\rkill [2013/05/08 20:54:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\dds.scr [2013/05/02 20:40:46 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/04/22 10:15:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Canon_Inc_IC [2013/04/22 10:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon [2013/04/21 19:07:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\CANON_INC [2013/04/21 18:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon_Inc_IC [2013/04/21 18:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013/04/21 18:29:35 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\canon [2013/04/21 18:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC ========== Files - Modified Within 30 Days ========== [2013/05/15 22:32:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe [2013/05/15 22:11:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/15 21:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/15 18:29:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt 
[2013/05/15 18:16:53 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx [2013/05/15 18:16:42 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/15 18:16:42 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/15 18:15:33 | 003,131,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/15 18:15:33 | 000,957,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/15 18:15:33 | 000,006,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/15 18:11:50 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll [2013/05/15 18:11:27 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/15 18:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/15 18:09:16 | 2104,754,175 | -HS- | M] () -- C:\hiberfil.sys [2013/05/15 17:44:46 | 000,487,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/15 17:36:09 | 000,604,767 | ---- | M] () -- C:\Users\Dave\Desktop\kaspersky.csv [2013/05/10 20:26:43 | 000,000,285 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\GPU MeterV2_Settings.ini [2013/05/10 19:37:59 | 000,002,061 | ---- | M] () -- C:\Users\Dave\Desktop\Folding@home.lnk [2013/05/10 04:50:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/05/09 20:28:35 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe [2013/05/09 19:28:10 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/05/09 17:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/05/09 17:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/05/09 17:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013/05/09 17:59:07 | 000,072,016 | ---- | M] (AVAST 
Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/05/09 17:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013/05/09 17:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/05/09 17:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/05/09 17:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/05/09 17:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013/05/09 17:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013/05/09 07:24:48 | 000,791,040 | ---- | M] () -- C:\Users\Dave\Desktop\RogueKillerX64.exe [2013/05/09 07:24:12 | 000,628,743 | ---- | M] () -- C:\Users\Dave\Desktop\adwcleaner.exe [2013/05/09 07:23:44 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dave\Desktop\JRT.exe [2013/05/08 20:55:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\dds.scr [2013/05/02 20:06:02 | 003,666,639 | ---- | M] () -- C:\Users\Dave\Desktop\Manual of DEVO-7.pdf [2013/04/22 10:10:30 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk [2013/04/21 18:29:52 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk ========== Files Created - No Company Name ========== [2013/05/15 08:44:43 | 000,604,767 | ---- | C] () -- C:\Users\Dave\Desktop\kaspersky.csv [2013/05/10 19:37:59 | 000,002,061 | ---- | C] () -- C:\Users\Dave\Desktop\Folding@home.lnk [2013/05/10 04:44:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/05/10 04:44:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/05/10 04:44:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/05/10 04:44:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/05/10 04:44:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/05/09 19:28:10 | 000,001,066 | ---- | C] () -- 
C:\Users\Public\Desktop\VLC media player.lnk [2013/05/09 07:24:46 | 000,791,040 | ---- | C] () -- C:\Users\Dave\Desktop\RogueKillerX64.exe [2013/05/09 07:24:08 | 000,628,743 | ---- | C] () -- C:\Users\Dave\Desktop\adwcleaner.exe [2013/05/02 20:06:01 | 003,666,639 | ---- | C] () -- C:\Users\Dave\Desktop\Manual of DEVO-7.pdf [2013/04/22 10:10:30 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk [2013/04/21 18:29:52 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk [2013/02/06 18:33:00 | 000,006,007 | ---- | C] () -- C:\Windows\HCWPNP.INI [2013/01/27 20:51:26 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013/01/10 15:35:11 | 000,000,076 | ---- | C] () -- C:\Windows\SysWow64\dtirc.dll [2013/01/07 18:22:45 | 000,000,806 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Drives Meter_Settings.ini [2012/12/09 15:06:38 | 007,261,256 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2012/12/09 15:06:38 | 000,018,041 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2012/11/11 15:43:06 | 000,000,546 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\All CPU MeterV3_Settings.ini [2012/10/11 19:46:49 | 000,000,532 | ---- | C] () -- C:\Users\Dave\AppData\Local\CastleLinkProps.dat [2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012/09/10 21:44:48 | 000,006,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/30 08:11:16 | 000,000,285 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\GPU MeterV2_Settings.ini [2012/06/27 07:37:40 | 000,000,244 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\GPU Meter_Settings.ini [2012/06/10 09:05:07 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012/06/10 09:05:07 | 000,180,224 
| ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/05/15 07:51:49 | 000,000,017 | ---- | C] () -- C:\Users\Dave\AppData\Local\resmon.resmoncfg [2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/03/19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012/02/15 07:42:50 | 000,006,144 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/14 22:25:10 | 000,000,877 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Network Meter_Settings.ini [2012/02/11 02:53:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2012/01/25 21:11:38 | 000,000,247 | ---- | C] () -- C:\Users\Dave\.octave_hist [2011/11/26 21:28:48 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIDIB4.dll [2011/11/21 19:58:51 | 000,000,412 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\All CPU Meter_Settings.ini [2011/11/21 13:46:56 | 004,715,184 | ---- | C] () -- C:\Windows\PE_File.dll [2011/11/20 20:08:08 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll [2011/11/20 19:09:16 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011/11/20 19:09:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011/11/20 18:56:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/11/20 18:56:43 | 000,045,290 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011/08/11 11:06:32 | 000,007,282 | ---- | C] () -- C:\Windows\cadx2.ini ========== ZeroAccess Check ========== [2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 14:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 13:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/02/24 18:05:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Agile Web Solutions [2012/04/03 17:02:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Arduino [2011/11/23 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Belkin [2013/04/22 10:11:21 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\canon [2013/04/22 10:15:02 | 000,000,000 | ---D | M] -- 
C:\Users\Dave\AppData\Roaming\Canon_Inc_IC [2012/10/11 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Castle Creations [2012/03/13 23:33:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Clone2Go DVD to PSP Converter [2013/05/13 08:35:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/03/09 10:35:55 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Delcam [2013/05/15 18:11:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Dropbox [2013/05/15 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FAHClient [2011/12/18 07:11:09 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FahMon [2012/04/28 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Folding@home-gpu [2011/11/24 23:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Folding@home-x86 [2011/11/25 08:37:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Foxit Software [2013/02/16 22:30:41 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\GoPro [2013/01/18 08:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\HDtracks Downloader [2013/01/10 15:34:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\J River [2012/07/28 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Leadertech [2012/02/13 07:30:19 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\MPEG Streamclip [2012/01/12 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Origin [2013/05/15 21:37:41 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PeaZip [2012/03/09 10:34:14 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PowerSHAPE [2011/11/23 19:13:18 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Sammsoft [2012/01/16 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Ubisoft [2012/04/02 21:20:46 | 000,000,000 | ---D | M] -- 
C:\Users\Rae\AppData\Roaming\Belkin ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/04/19 23:09:13 | 000,000,000 | ---D | M](C:\Windows\SysWow64\???h??) -- C:\Windows\SysWow64\ɬⶕh硎癸 [2012/04/19 23:09:13 | 000,000,000 | ---D | C](C:\Windows\SysWow64\???h??) -- C:\Windows\SysWow64\ɬⶕh硎癸 ========== Alternate Data Streams ========== @Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:B2304460 @Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:C895616B @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:054203E4 < End of report >
  7. The file was more than 1 million lines, but no threats were found, though some files were not able to be scanned for the following reasons:
     Processing error
     File password protected
     Packed:WiseSFXDropper
     Packed:UPX
     Packed:Swf2Swc
     Packed:Py2Exe
     Packed:PkLite
     Packed:PecBundle
     Packed:PE_Patch.PECompact
     Packed:PE_Patch.luba
     Packed:PE_Patch
     Packed:PECompact
     Packed: PE-Crypt.BSP
     Packed: NeoLite
     Packed: Molebox
     Packed: MPRESS
     Packed: MIME.Broken
     Packed: JSPack
     Packed: InstallShield
     Packed: Html2Rtf
     Packed: Execryptor
     Packed: ExePack
     Packed: Exe2Com
     Packed: EOT
     Packed: Com2Exe
     Packed: Com100
     Packed: Cexe
     Packed: Armadillo
     Packed: ASProtect
     Packed: ASPack
  8. Avast is up-to-date, no viruses found. Had six sets of different IPs blocked today.
  9. I've uninstalled some programs I don't use anymore. Avast also found a threat in a backup file that was moved to the virus chest. Here is my MWBT protection log from yesterday.
     2013/05/12 00:02:36 +0900 THOR (null) MESSAGE Starting protection
     2013/05/12 00:02:36 +0900 THOR (null) MESSAGE Protection started successfully
     2013/05/12 00:02:36 +0900 THOR (null) MESSAGE Starting IP protection
     2013/05/12 00:02:38 +0900 THOR (null) MESSAGE IP Protection started successfully
     2013/05/12 00:13:33 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: outgoing, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:33 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: incoming, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:33 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: outgoing, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:41 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: outgoing, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:41 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: outgoing, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:41 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: incoming, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:41 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: outgoing, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:41 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: incoming, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:49 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: outgoing, Port: 56800, Process: svchost.exe)
     2013/05/12 00:13:49 +0900 THOR Dave IP-BLOCK 219.146.87.134 (Type: incoming, Port: 56800, Process: svchost.exe)
     2013/05/12 08:22:28 +0900 THOR Dave MESSAGE Executing scheduled update: Daily
     2013/05/12 08:22:44 +0900 THOR Dave MESSAGE Scheduled update executed successfully: database updated from version v2013.05.10.10 to version v2013.05.11.07
     2013/05/12 08:22:44 +0900 THOR Dave MESSAGE Starting database refresh
     2013/05/12 08:22:44 +0900 THOR Dave MESSAGE Stopping IP protection
     2013/05/12 08:22:44 +0900 THOR Dave MESSAGE IP Protection stopped successfully
     2013/05/12 08:22:47 +0900 THOR Dave MESSAGE Database refreshed successfully
     2013/05/12 08:22:47 +0900 THOR Dave MESSAGE Starting IP protection
     2013/05/12 08:22:48 +0900 THOR Dave MESSAGE IP Protection started successfully
     2013/05/12 10:33:59 +0900 THOR (null) MESSAGE Starting protection
     2013/05/12 10:33:59 +0900 THOR (null) MESSAGE Protection started successfully
     2013/05/12 10:33:59 +0900 THOR (null) MESSAGE Starting IP protection
     2013/05/12 10:34:00 +0900 THOR (null) MESSAGE IP Protection started successfully
     2013/05/12 20:38:39 +0900 THOR Dave IP-BLOCK 222.69.8.19 (Type: outgoing, Port: 51682, Process: svchost.exe)
     2013/05/12 20:38:47 +0900 THOR Dave IP-BLOCK 222.69.8.19 (Type: incoming, Port: 51682, Process: svchost.exe)
     2013/05/12 20:38:47 +0900 THOR Dave IP-BLOCK 222.69.8.19 (Type: incoming, Port: 51682, Process: svchost.exe)
     2013/05/12 20:38:47 +0900 THOR Dave IP-BLOCK 222.69.8.19 (Type: outgoing, Port: 51682, Process: svchost.exe)
     2013/05/12 20:38:47 +0900 THOR Dave IP-BLOCK 222.69.8.19 (Type: incoming, Port: 51682, Process: svchost.exe)
     2013/05/12 20:38:47 +0900 THOR Dave IP-BLOCK 222.69.8.19 (Type: incoming, Port: 51682, Process: svchost.exe)
     2013/05/12 20:38:47 +0900 THOR Dave IP-BLOCK 222.69.8.19 (Type: outgoing, Port: 51682, Process: svchost.exe)
     This is a significant decrease in blocks.
  10. Java update complete. I am still getting an IP block message, but now it is from a different IP address. I had one day where no IPs were blocked (yesterday).
  11. C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7b779d13-718c6472 a variant of Java/JShrink.A application cleaned by deleting - quarantined
      C:\Users\Dave\Downloads\cpu-z_1.59-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
      C:\Users\Dave\Downloads\DM-238.exe Win32/HotSpotShield application cleaned by deleting - quarantined
      C:\Users\Dave\Downloads\peazip-4.3.WINDOWS.exe Win32/OpenCandy application cleaned by deleting - quarantined
  12. There was an error about a registry file or setting that would not allow me to run any .exe files. It turns out another reboot fixed those issues. Is there anything else to do? From my files, is it obvious what my problem was?
  13. I followed your directions and now I cannot access any Microsoft products, IE or Firefox. A bit of a road bump, will I get those programs back?
      # AdwCleaner v2.300 - Logfile created 05/10/2013 at 04:36:35
      # Updated 28/04/2013 by Xplode
      # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
      # User : Dave - THOR
      # Boot Mode : Normal
      # Running from : C:\Users\Dave\Desktop\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\jetpack
      ***** [Registry] *****
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.7601.17514
      [OK] Registry is clean.
      -\\ Mozilla Firefox v20.0.1 (en-US)
      File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\prefs.js
      [OK] File is clean.
************************* AdwCleaner[R1].txt - [1583 octets] - [09/05/2013 07:41:28] AdwCleaner[R2].txt - [1739 octets] - [09/05/2013 20:54:16] AdwCleaner[s1].txt - [312 octets] - [09/05/2013 20:54:31] AdwCleaner[s2].txt - [1747 octets] - [10/05/2013 04:36:35] ########## EOF - C:\AdwCleaner[s2].txt - [1807 octets] ########## ComboFix 13-05-08.02 - Dave 05/10/2013 4:45.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8138.6133 [GMT 9:00] Running from: c:\users\Dave\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Microsoft c:\program files (x86)\FAHClient\FAHControl.exe c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\1028.msi c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\1031.msi c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\1033.msi c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\1036.msi c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\1041.msi c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\2052.msi c:\windows\security\Database\tmp.edb c:\windows\SysWow64\local.txt c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 ))))))))))))))))))))))))))))))) . . 2013-05-09 19:48 . 2013-05-09 19:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-05-09 19:48 . 2013-05-09 19:48 -------- d-----w- c:\users\Rae\AppData\Local\temp 2013-05-09 19:48 . 
2013-05-09 19:48 -------- d-----w- c:\users\Mcx1-THOR\AppData\Local\temp 2013-05-09 19:48 . 2013-05-09 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-08 22:32 . 2013-05-08 22:32 -------- d-----w- c:\windows\ERUNT 2013-05-08 22:32 . 2013-05-08 22:32 -------- d-----w- C:\JRT 2013-05-08 13:42 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50B4059E-3435-4F46-B9B6-5CFB072D2B27}\mpengine.dll 2013-05-02 11:33 . 2013-05-02 11:33 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-29 23:02 . 2013-04-29 23:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2013-04-29 23:02 . 2013-04-29 23:02 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-04-29 22:51 . 2013-04-29 22:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-04-24 02:11 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-22 01:15 . 2013-04-22 01:15 -------- d-----w- c:\users\Dave\AppData\Roaming\Canon_Inc_IC 2013-04-22 01:10 . 2013-04-22 01:10 -------- d-----w- c:\program files (x86)\Common Files\Canon 2013-04-21 10:07 . 2013-04-21 10:07 -------- d-----w- c:\users\Dave\AppData\Local\CANON_INC 2013-04-21 09:29 . 2013-04-22 01:11 -------- d-----w- c:\users\Dave\AppData\Roaming\canon 2013-04-21 09:29 . 2013-04-22 01:15 -------- d-----w- c:\programdata\Canon_Inc_IC 2013-04-13 13:45 . 2013-04-13 13:45 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-04-10 01:38 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-09 19:38 . 2011-11-20 11:08 1048576 ----a-w- c:\windows\PE_Rom.dll 2013-05-01 17:06 . 
2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 13:50 . 2011-11-20 11:26 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-13 13:30 . 2012-04-07 00:35 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-13 13:30 . 2011-11-23 10:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-04 05:50 . 2012-04-14 09:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-03 20:35 . 2013-03-10 12:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr 2013-03-28 03:12 . 2013-03-28 03:12 1605760 ----a-w- c:\windows\system32\drivers\hcw89.sys 2013-03-28 03:12 . 2013-03-28 03:12 128512 ----a-w- c:\windows\system32\HcwPrx89.ax 2013-03-28 03:12 . 2013-03-28 03:12 110592 ----a-w- c:\windows\system32\hcwCP.ax 2013-03-10 12:26 . 2012-07-22 10:52 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-10 12:26 . 2012-04-13 23:17 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-06 23:33 . 2013-03-09 12:29 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-06 23:33 . 2013-03-09 12:29 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-06 23:33 . 2012-03-10 00:30 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-03-06 23:33 . 2011-11-23 10:42 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 23:33 . 2011-11-23 10:42 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 23:33 . 2011-11-23 10:42 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 23:33 . 2011-11-23 10:42 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 23:33 . 2011-11-23 10:42 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 23:32 . 2011-11-23 10:42 41664 ----a-w- c:\windows\avastSS.scr 2013-03-06 23:32 . 2011-11-23 10:42 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-02-25 15:32 . 
2013-02-25 15:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-25 15:32 . 2013-02-25 15:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-25 15:32 . 2013-02-25 15:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-25 15:32 . 2013-02-25 15:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-25 15:32 . 2012-05-16 03:24 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-25 15:32 . 2013-02-25 15:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-25 15:32 . 2013-02-25 15:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-25 15:32 . 2012-07-02 12:43 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-25 15:32 . 2013-02-25 15:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-25 15:32 . 2013-02-25 15:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-25 15:32 . 2013-02-25 15:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-25 15:32 . 2013-02-25 15:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-25 15:32 . 2013-02-25 15:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-25 15:32 . 2013-02-25 15:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-25 15:32 . 2013-02-25 15:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-25 15:32 . 2012-10-10 12:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-25 15:32 . 2013-02-25 15:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-25 15:32 . 2013-02-25 15:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-25 15:32 . 2013-02-25 15:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-25 15:32 . 2013-02-25 15:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-25 15:32 . 2013-02-25 15:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-25 15:32 . 2013-02-25 15:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-25 15:32 . 2013-02-25 15:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-25 15:32 . 
2013-02-25 15:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-25 15:32 . 2013-02-25 15:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-02-18 00:22 . 2013-02-18 00:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 00:22 . 2012-05-16 03:24 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 00:22 . 2013-02-18 00:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-12 23:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-12 23:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-12 23:48 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-12 23:48 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-12 23:48 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-12 23:48 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-12 23:48 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-09 01:54 . 2011-12-04 13:01 1593096 ----a-w- c:\windows\SysWow64\ChilkatCrypt2.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Akamai NetSession Interface"="c:\users\Dave\AppData\Local\Akamai\netsession_win.exe" [2013-01-25 4480768] "TBPanel"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2012-04-11 2040136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2009-07-09 681256] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240] "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536] "Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-04-02 2220784] "Adobe ARM"="c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608] "ASUS WiFi GO! FileTransfer Execute"="c:\program files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe" [2012-03-01 1376896] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536] "SpybotSnD"="c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888] "iTunesHelper"="f:\itunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816] . c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] FAHControl.lnk - c:\program files (x86)\FAHClient\FAHControl.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk.disabled [2011-11-24 1361] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592] R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-16 145448] R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152] R3 aswVmm;aswVmm; [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 35328] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-05-10 11776] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528] R3 npggsvc;nProtect GameGuard 
Service;c:\windows\system32\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2013-01-06 74112] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2011-05-10 137728] S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-05 14592] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760] S0 aswRvrt;aswRvrt; [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-07-07 24560] S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-08-12 32360] S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys [2010-09-21 43136] S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe [2013-04-02 768752] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [2010-12-02 258688] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe 
[2012-02-17 149120] S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe [2012-02-22 1493120] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-15 178344] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-17 383264] S3 ALSysIO;ALSysIO;c:\users\Dave\AppData\Local\Temp\ALSysIO64.sys [x] S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [2010-09-16 16512] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [2013-03-28 1605760] S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® 
WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ALSYSIO *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:30] . 2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 10:40] . 2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-12 10:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-09 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-09 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-09 441888] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = https://acsc.blackboard.com/webapps/login/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Notify-igfxcui - (no file) Notify-LBTWlgn - (no file) Notify-ScCertProp - (no file) AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe AddRemove-{6304587B-3C05-4031-A8E7-7938CB9162E7}_is1 - c:\program files (x86)\meta-iPod AddRemove-HDtracks Download Manager - c:\windows\system32\javaws.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe c:\program files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Completion time: 2013-05-10 04:52:22 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-09 19:52 . 
Pre-Run: 11,738,300,416 bytes free Post-Run: 11,853,549,568 bytes free . - - End Of File - - AC7CFD7A7869E5FC7CD6D85A1E362294
  14. I am a paying customer, but I'll just keep this thread going ufn. Thanks for the help so far!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Dave on Thu 05/09/2013 at 7:32:34.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\t63g7kua.default\jetpack
Successfully deleted: [Folder] C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\t63g7kua.default\extensions\LogMeInClient@logmein.com
Emptied folder: C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\t63g7kua.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/09/2013 at 7:35:18.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.08.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dave :: THOR [limited]
Protection: Disabled
5/9/2013 7:38:44 AM
mbam-log-2013-05-09 (07-38-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283725
Time elapsed: 1 minute(s), 56 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules
Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) # AdwCleaner v2.300 - Logfile created 05/09/2013 at 07:41:28 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Dave - THOR # Boot Mode : Normal # Running from : C:\Users\Dave\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\prefs.js [OK] File is clean. 
************************* AdwCleaner[R1].txt - [1456 octets] - [09/05/2013 07:41:28] ########## EOF - C:\AdwCleaner[R1].txt - [1516 octets] ########## RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dave [Admin rights] Mode : Scan -- Date : 05/09/2013 07:45:22 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] PCMeter.exe -- C:\Users\Dave\Desktop\New folder\PCMeter\PCMeter.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 8 ¤¤¤ [TASK][sUSP PATH] Startup : C:\Users\Dave\Desktop\New folder\PCMeter\PCMeter.exe [-] -> FOUND [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts [...]
¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD20EZRX-00DC0B0 +++++ --- User --- [MBR] c925e5f77a80c8b7a9a1a454eeb1625a [bSP] 30f8c28b4d61e80e26818c9f39c9440c : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST3000DM001-9YN166 +++++ --- User --- [MBR] 0086f36f0b7bc8b257f89fc226376c3d [bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: ST3500630AS +++++ --- User --- [MBR] b04a7e583cf5c66bc7ff6bcfbbddf6bf [bSP] 7033929a4ab9f89658159d4a4bae6ef2 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: Hitachi HDS721010DLE630 ATA Device +++++ --- User --- [MBR] a6cddb7d2d619842b9fd61c3049b3501 [bSP] f6761f63bc01e21f70812bc6511cd6d2 : Empty MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive4: OCZ-AGILITY3 ATA Device +++++ --- User --- [MBR] a795403f8729e1983aff4b97a17242b1 [bSP] f971c915c1d165a3ebab9774034f616f : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_05092013_02d0745.txt >> RKreport[1]_S_05092013_02d0745.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2 Run by Dave at 7:48:28 on 2013-05-09 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8138.5716 [GMT 9:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! 
Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\1Password\Agile1pService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe C:\Program 
Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\EXPERTool\TBPanel.exe C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\FAHClient\FAHControl.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe C:\Program Files (x86)\1Password\Agile1pAgent.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe F:\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! 
Server.exe C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\explorer.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\SysWOW64\notepad.exe C:\Windows\notepad.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Dave\Desktop\RogueKillerX64.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\notepad.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\splwow64.exe C:\Windows\system32\PrintIsolationHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxps://acsc.blackboard.com/webapps/login/ mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Akamai NetSession Interface] "C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe" uRun: [TBPanel] "C:\Program Files (x86)\EXPERTool\TBPanel.exe" /A mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe mRun: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe mRun: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [ASUS WiFi GO! 
FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe mRun: [spybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "F:\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAHCON~1.LNK - C:\Program Files (x86)\FAHClient\FAHControl.exe StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\Program Files (x86)\1Password\Agile1pIE.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: NameServer = 192.168.0.1 TCP: Interfaces\{84CEE7B0-FFA9-4522-BDCD-EED95C22DDB9} : DHCPNameServer = 111.87.221.145 111.87.221.129 TCP: Interfaces\{AC9273AD-01FF-40B7-9E87-FBF50B0F36B8} : DHCPNameServer = 192.168.0.20 TCP: Interfaces\{AC9273AD-01FF-40B7-9E87-FBF50B0F36B8}\A4050286F6473707F647 : DHCPNameServer = 192.168.3.1 TCP: Interfaces\{AC9273AD-01FF-40B7-9E87-FBF50B0F36B8}\A40502D4F62696C656 : DHCPNameServer = 192.168.3.1 TCP: Interfaces\{AC9273AD-01FF-40B7-9E87-FBF50B0F36B8}\A40502D4F626C656 : DHCPNameServer = 192.168.3.1 TCP: Interfaces\{AE1AE075-3456-4F0A-BE1F-640B58CFDB46} : DHCPNameServer = 192.168.3.1 TCP: Interfaces\{F3B12DFE-FF59-4668-BCE2-7F803D3F0D50} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{F3B12DFE-FF59-4668-BCE2-7F803D3F0D50}\44D2C496E6B60205279667164756 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{F3B12DFE-FF59-4668-BCE2-7F803D3F0D50}\A405 : DHCPNameServer = 192.168.0.20 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\Windows\Downloaded Program Files\mimectl.dll Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll Notify: igfxcui - <no file> Notify: LBTWlgn - <no file> Notify: ScCertProp - <no file> SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned> x64-TB: avast! 
WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - <orphaned> x64-Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\t63g7kua.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Gradkell Systems, Inc\DBsign Data Security Suite\Common\Lib\npDbsGscInfo.dll FF - plugin: C:\Program Files (x86)\Gradkell Systems, Inc\DBsign Data Security Suite\Common\Lib\npDBsignWeb.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - plugin: F:\iTunes\Mozilla Plugins\npitunes.dll . ============= SERVICES / DRIVERS =============== . 
R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-11-26 14592] R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760] R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-9 65336] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-2 16152] R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-11-21 25312] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-23 1025808] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-23 377920] R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2011-11-20 24560] R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2012-7-2 32360] R1 VDiskBus;ASUS Disk Unlocker;C:\Windows\System32\drivers\VDiskBus64.sys [2010-9-21 43136] R2 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2011-12-4 768752] R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-5-7 918448] R2 ASDiskUnlocker;ASDiskUnlocker;C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [2010-12-2 258688] R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-2-2 951936] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-7-2 149120] R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe [2012-7-2 1493120] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-23 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-23 80816] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-9 45248] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2011-11-20 372720] R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-7-2 233328] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-20 13592] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-2 178344] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-18 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-11-21 285152] R3 ASFLTDrv.sys;ASFLTDrv.sys;C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [2010-9-16 16512] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832] R3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2013-3-28 1605760] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-7-2 160768] R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-2 355096] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-2 786200] R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088] S2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512] S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-3-9 145448] S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-9 178624] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872] S3 bcgame;Nostromo HID Device Minidriver;C:\Windows\System32\drivers\bcgame.sys [2011-11-23 35328] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272] S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-5-14 135584] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-5 331264] S3 massfilter;Mass Storage Filter 
Driver;C:\Windows\System32\drivers\massfilter.sys [2012-1-8 11776] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-14 25928] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528] S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456] S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2013-1-7 74112] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2012-1-8 137728] . =============== Created Last 30 ================ . 
2013-05-08 22:32:34 -------- d-----w- C:\Windows\ERUNT 2013-05-08 22:32:17 -------- d-----w- C:\JRT 2013-05-08 13:42:12 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{50B4059E-3435-4F46-B9B6-5CFB072D2B27}\mpengine.dll 2013-05-02 11:40:46 -------- d-----w- C:\Windows\pss 2013-04-29 23:02:30 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2013-04-29 23:02:11 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-04-29 22:51:55 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-04-24 02:11:25 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-22 01:15:02 -------- d-----w- C:\Users\Dave\AppData\Roaming\Canon_Inc_IC 2013-04-22 01:10:09 -------- d-----w- C:\Program Files (x86)\Common Files\Canon 2013-04-21 10:07:29 -------- d-----w- C:\Users\Dave\AppData\Local\CANON_INC 2013-04-21 09:29:52 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC 2013-04-21 09:29:26 -------- d-----w- C:\ProgramData\Canon_Inc_IC 2013-04-13 13:45:53 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-04-10 01:38:07 3153408 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 
2013-05-08 22:30:23 1048576 ----a-w- C:\Windows\PE_Rom.dll 2013-05-01 17:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 13:30:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-13 13:30:31 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-04-04 05:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-03 20:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2013-03-28 03:12:04 1605760 ----a-w- C:\Windows\System32\drivers\hcw89.sys 2013-03-28 03:12:04 128512 ----a-w- C:\Windows\System32\HcwPrx89.ax 2013-03-28 03:12:04 110592 ----a-w- C:\Windows\System32\hcwCP.ax 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-10 12:26:33 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-03-10 12:26:33 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-03-06 23:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-03-06 23:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr 2013-03-02 05:56:00 1188864 ----a-w- C:\Windows\System32\wininet.dll 2013-03-02 04:58:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-03-02 03:57:05 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2013-03-02 03:22:06 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-18 00:22:18 
31080 ----a-w- C:\Windows\System32\nvhdap64.dll 2013-02-18 00:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2013-02-18 00:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-02-09 01:54:56 1593096 ----a-w- C:\Windows\SysWow64\ChilkatCrypt2.dll . ============= FINISH: 7:48:38.35 ===============